Published on November 18th, 2019
CERT-In warns WhatsApp users about a new vulnerability, Technology News, ETtech
MP4 is a compressed file format that can carry not only video but also audio and subtitles.
The vulnerability, which does not require any form of authentication from the victim, executes when the maliciously crafted file is downloaded on the receiver’s system.
It allows the attacker to cause remote code execution (RCE) or a denial-of-service (DoS) condition, which could further compromise the system.
Remote code execution enables an attacker to access someone else’s computing device and make changes, no matter where the device is geographically located.
CERT-In rated the severity “high” and advised users to upgrade to the latest version of WhatsApp. The advisory was also put up by Facebook last week on its website.
Facebook warned that a ‘stack-based buffer overflow’ could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user.
“We make public reports on potential issues we have fixed consistent with industry best practices. In this instance, there is no reason to believe users were impacted,” WhatsApp said in an email to ET, adding it was constantly working to improve the security of its service.
A buffer overflow is a common software coding mistake that an attacker could exploit to gain access to a system. The description of the new ‘buffer overflow vulnerability’ is similar to the one received by CERT-In from WhatsApp during the alleged Pegasus snooping case where Israel-based spyware maker NSO Group has come under the lens.
The new vulnerability comes at a time when quite a few human rights activists, lawyers, journalists, and opposition politicians in India have found their WhatsApp accounts hacked. The Indian government has denied purchasing the spyware.
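The class of bug described above, seen from the parser's side, as an added example (it is not WhatsApp's code and not a reconstruction of the actual flaw): a C routine that reads one MP4 box header and copies the payload into a fixed-size stack buffer only after validating the length supplied by the file. The function name `read_box_payload`, the 64-byte buffer and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BOX_HEADER_LEN 8u /* MP4 box header: 4-byte big-endian size + 4-byte type */
#define META_MAX 64u      /* stack buffer size, chosen for this example */

enum { BOX_OK = 0, BOX_TRUNCATED = -1, BOX_BAD_SIZE = -2, BOX_TOO_LARGE = -3 };

/* Constructed sample inputs (not taken from any real file). */
static const uint8_t sample_ok[]    = {0, 0, 0, 12, 'u', 'd', 't', 'a', 1, 2, 3, 4};
static const uint8_t sample_lying[] = {0, 0, 4, 0, 'u', 'd', 't', 'a', 1, 2, 3, 4};
static const uint8_t sample_short[] = {0, 0, 0, 4, 'u', 'd', 't', 'a'};
static const uint8_t sample_big[BOX_HEADER_LEN + META_MAX + 1] = {0, 0, 0, 73, 'u', 'd', 't', 'a'};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Hypothetical helper: copy the first box's payload into a stack buffer and
 * return a byte sum through *sum. Every length is checked before the copy. */
int read_box_payload(const uint8_t *buf, size_t len, uint32_t *sum)
{
    uint8_t meta[META_MAX];
    if (len < BOX_HEADER_LEN) return BOX_TRUNCATED;
    uint32_t box_size = be32(buf);                      /* value comes from the file */
    if (box_size < BOX_HEADER_LEN) return BOX_BAD_SIZE; /* also rejects special sizes 0 and 1 */
    if (box_size > len) return BOX_TRUNCATED;           /* header claims more than was received */
    size_t payload_len = box_size - BOX_HEADER_LEN;
    if (payload_len > sizeof meta) return BOX_TOO_LARGE;
    /* Without the checks above, this memcpy could write past meta[] on the stack. */
    memcpy(meta, buf + BOX_HEADER_LEN, payload_len);
    *sum = 0;
    for (size_t i = 0; i < payload_len; i++) *sum += meta[i];
    return BOX_OK;
}

int main(void)
{
    uint32_t sum = 0;
    printf("ok=%d ", read_box_payload(sample_ok, sizeof sample_ok, &sum));
    printf("lying=%d ", read_box_payload(sample_lying, sizeof sample_lying, &sum));
    printf("short=%d ", read_box_payload(sample_short, sizeof sample_short, &sum));
    printf("big=%d\n", read_box_payload(sample_big, sizeof sample_big, &sum));
    return 0;
}
```

Compiling parsers like this with stack protectors and fuzzing them with malformed size fields catches the cases where one of these checks is missing.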