Want to keep your WhatsApp chats safe? Update app now
A few weeks after the NSO Group debacle (wherein a malware was injected into WhatsApp for snooping), the messaging service is facing flak for another vulnerability in its system, a bug that hackers can exploit to snoop on your phone. The issue exists in both Android and iOS versions of the app and can be leveraged by simply sending you a malicious MP4 video.
Flaw allows remote code execution on phones
The bug, dubbed CVE-2019-11931, opens a way for hackers to share a specially-crafted MP4 on your WhatsApp and use the same to remotely execute malicious code or conduct denial of service (DoS) cyber-attack on your device. There is no evidence of an exploit of the vulnerability, but if it happens, one would easily be able to read your private chats and steal your data.
No reason to believe users were impacted, says WhatsApp
Following reports raising security concerns, the Facebook-owned service issued a statement saying, "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user." It added, "The issue was present in parsing the elementary stream metadata of an MP4" but emphasized that "there is no reason to believe users were impacted."
Several versions of WhatsApp impacted by the bug
That said, the company did note that flaw is present in several versions of the messaging service, including Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368. Even WhatsApp Business has been impacted, particularly Android versions prior to 2.19.104 and iOS versions prior to 2.19.100.
So, what to do now?
Though there is no exploit for the bug in the wild, having a vulnerability is not at all good. This is why, as a precautionary step, we would recommend you to update WhatsApp to the latest available version right away. The company has patched the bug, which means updating it will close the loophole and end even the slightest possibility of an exploit.
