A new WhatsApp security vulnerability has been detailed that allows attackers to gain access to personal messages and files using a malicious video file.
According to the report, the “specially crafted MP4” video file triggers a buffer overflow, a vulnerability that was exploited via a voice call on the service earlier this year.
No ad to show here.
Facebook detailed the vulnerability in an advisory, explaining that metadata present in the MP4 could allow an attacker to execute remote code on the victim’s device.
This could effectively allow an attacker to gain access to personal messages or files on the victim’s device.
According to a response from WhatsApp to The Next Web, the messaging service does not believe users were impacted. However, it’s important that you ensure your WhatsApp version is up to date.
Facebook noted that the affected versions of WhatsApp are as follows:
- Android versions prior to 2.19.274;
- iOS versions prior to 2.19.100;
- Enterprise Client versions prior to 2.25.3;
- Business for Android versions prior to 2.19.104;
- Business for iOS versions prior to 2.19.100.
WhatsApp has patched newer versions of its apps.
Feature image: WhatsApp