WhatsApp is widely used for various purposes as it allows users to share messages, photos and videos in an instant. But hackers have turned this advantage into a major risk factor as security experts warn users of deadly bug hackers have created to gain access to your smartphones.
While WhatsApp took pride in offering end-to-end security to users, the recent revelation of cyber-espionage using Pegasus left doubts in the minds of many. WhatsApp is the world's largest cross-platform messaging platform that serves over 1.5 billion users, making it an ideal target for hackers. Of late, WhatsApp is not exactly the torchbearer of digital privacy.
The latest threat puts the majority of the WhatsApp users at great risk as hackers could access smartphones using a "specially crafted MP4 file." This should serve as a warning to billion-plus users on the risks of downloading an MP4 file on WhatsApp. The vulnerability, tagged "critical", can deploy malware on the target device to steal sensitive files and also perform surveillance, GBHackers had reported.
Facebook issued an advisory on behalf of WhatsApp, which confirms the vulnerability is known to the company.
"A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE," WhatsApp warned.
The warning also included the versions of WhatsApp that are affected by this vulnerability. If you are using WhatsApp for Android version older than 2.19.274 or iOS versions prior to 2.19.100, you are at huge risk. Additionally, the Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100 are also affected by the MP4 bug.
When an unsuspecting user downloads the malicious MP4 file in question here, it will execute a DoS or RCE attack, which doesn't require any authentication from the WhatsApp user. RCE (remote code execution) can be used to remotely access the affected user's smartphone or PC and make admin changes without consent or knowledge of the user.
The only way users can protect themselves from the critical bug is to update to the latest version of WhatsApp on all platforms.
As the issue comes on the heels of WhatsApp's constant struggle against a horde of privacy issues, ranging from Pegasus spying to malicious files targeted at the app. Recently, WhatsApp users were warned about a serious security flaw that could potentially allow hackers to steal data and chats using malicious GIFs.
Do you feel safe using WhatsApp or have you already switched to other alternatives? Share your thoughts with us.