New WhatsApp Bug found in both Android and IoS by Sending Crafted MP4 File
By MYBRANDBOOK
A new critical vulnerability found in both Android/iOS WhatsApp version Let hackers sending a specially crafted MP4 file to WhatsApp user and trigger the stack-based buffer overflow to perform remote code execution and DoS Attack.
The specially crafted MP4 file triggers the remote code execution (RCE) and denial of service (DoS) cyberattack. “The vulnerability is classified as ‘Critical’ severity. It affected an unknown code block of the component MP4 File Handler in WhatsApp,” gbhackers reported.
Facebook said, “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. “The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.”
The vulnerability affected the following Versions:
· Android versions prior to 2.19.274
· iOS versions prior to 2.19.100,
· Enterprise Client versions prior to 2.25.3
· Business for Android versions prior to 2.19.104
· Business for iOS versions prior to 2.19.100
· Windows Phone versions before and including 2.18.368
The vulnerability classified as “Critical” Severity that affected an unknown code block of the component MP4 File Handler in WhatsApp. Successful exploitation of this bug leads the manipulation as part of a Message to trigger the Stack-based memory corruption vulnerability in WhatsApp Messenger.
Hackers can take advantage of this vulnerability to deploy the malware on the user’s device to steal sensitive files and also used to surveillance purposes. The RCE vulnerability allows hackers to perform the attack remotely without any sort of authentication.
This is not the first time Remote code execution vulnerability found in WhatApp in this year, we have reported another WhatsApp RCE Vulnerability in last month that allowed remote hackers to steal the files in your Android phone using malformed GIF’s. There is no technical details are available for this critical WhatsApp Vulnerability and an exploit is not available at this moment.
The news comes on the heels an Israeli software Pegasus by cyber intelligence company NSO Group that exploited its video calling system to snoop on 1,400 users globally. In India, the list included human rights activists and journalists. The issue snowballed into a political one and the Indian government denied either purchasing or planning to purchase the infamous software in question.
“We agree with the government of India’s strong statement about the need to safeguard the privacy of all Indian citizens. That is why we’ve taken this strong action to hold cyber attackers accountable and why WhatsApp is so committed to the protection of all user messages through the product we provide,” a WhatsApp spokesperson had said in a statement.
BHIM to join e-commerce, competing with PhonePe and Google Pay
The government-supported payment software BHIM is getting ready to join t...
The latest version of X helps prevent deepfakes on social medi
To combat deepfakes and shallowfakes, Elon Musk revealed a new update t...
India and Namibia collaborate on a payment system similar to U
Once operational, the platform will enable digital transactions in Namibia,...
Sebi issues show-cause notices to six Adani group firms
Sebi issued show-cause notices to six Adani Group firms, including Adani ...
TEJAS NETWORKS INDIA PVT. LTD.
IBALL WORLDWIDE PVT. LTD.
TAC SECURITY SOLUTIONS
LUMINOUS POWER TECHNOLOGIES PVT. LTD.
Technology Icons Of India 2023: Amit Chadha
. An influential leader in the engineering services industry for over ...
Technology Icons Of India 2023: Dilip Asbe
Dilip Asbe is the MD & CEO of National Payments Corporation of India (...
Technology Icons Of India 2023: Aalok Kumar
Aalok continues to lead the India business and further strengthen Indi...
PGCIL transforming India with its wide power transmission network
Engaged in power transmission, POWERGRID or PGCIL is a stated owned In...
STPI encouraging software exports from India
Software Technology Parks of India (STPI) is an S&T organization under...
GSTN aims to integrate indirect tax ecosystem on a shared IT infrastructure
Goods and Services Tax Network (GSTN) has built Indirect Taxation plat...
INTEGRA MICRO SYSTEMS PVT. LTD.
Integra is a leading provider of innovative hi-technology products an...
BEETEL TELETECH LTD.
: Beetel is one of the oldest and most reputed brands in the Industry,...
SATCOM INFOTECH PVT. LTD.
Satcom Infotech Pvt. Ltd is a distribution houses in security in India...