General News WhatsApp’s critical security bug poses threat from malicious MP4 Files

[Nairrk]

From the past few years, WhatsApp has remained the favorite target for hackers and social intruders. The popular messaging service has recorded various data theft issues in the past. It has remained in headlines since recent weeks over the vulnerabilities and data thefts by Israeli spyware firm NSO. The messaging app is once again in the talks as Facebook has issued an official advisory regarding a critical bug posing threat from malicious MP4 files.

In detail, the MP4 can trigger tag by sending a specially crafted MP4 file. The potential hacker can inject code by parsing the elementary stream metadata of an MP4 file that could result in DoS (Denial-of-service attack) or can even initiate Remote Code Execution. It does not need any authentication to perform the attack remotely. The company has classified the vulnerability as ‘Critical’ due to the severe consequences if someone misuses the loophole.

Read

[Nairrk]

WhatsApp claims MP4 file bug does not affect user data

WhatsApp was recently accused of having a bug that allows malicious MP4 file to collect all user data. It was being used as a vulnerability to trigger the remote code execution (RCE) and denial of service (DoS) cyber-attack when downloaded by a user on both Android and iOS devices. The company has just said in a statement that no user data was affected.

Reports on Sunday claimed that hackers can use the WhatsApp vulnerability to deploy the malware on the user's device to steal sensitive files and snoop on them -- the way an Israeli software Pegasus developed by cyber intelligence company NSO Group did by exploiting the video calling system in the Facebook-owned to snoop on 1,400 selected users globally and in India, including human rights activists and journalists.

Read