Never miss a story

Get subscribed to our newsletter


×
FILE - The WhatsApp app logo is seen on a smartphone in this picture illustration. VOA

WhatsApp on Monday said no user data was affected owing to a new bug where a specially-crafted malicious MP4 file may have used the vulnerability to trigger the remote code execution (RCE) and denial of service (DoS) cyber attack when downloaded by a user on both Android and iOS devices.

Reports on Sunday claimed that hackers can use the WhatsApp vulnerability to deploy the malware on the user’s device to steal sensitive files and snoop on them — the way an Israeli software Pegasus developed by cyber intelligence company NSO Group did by exploiting the video calling system in the Facebook-owned to snoop on 1,400 selected users globally and in India, including human rights activists and journalists.


“WhatsApp is constantly working to improve the security of our service. We make public, reports on potential issues we have fixed consistent with industry-best practices. In this instance, there is no reason to believe users were impacted,” a company spokesperson said in a statement shared with IANS.

The micro-blogging platform has already issued a security update on this bug.

Facebook had earlier issued an advisory, saying “a stack-based buffer overflow could be triggered in WhatsApp by sending a specially-crafted MP4 file to a WhatsApp user.”

“The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.”


Security experts have warned that blaming Whatsapp for the spyware would not be right. Pixabay

The vulnerability is classified as “critical” severity that affected an unknown code block of the component MP4 File Handler in WhatsApp.

The Pegasus-NSO Group issue snowballed into a political one, with the Indian government directing WhatsApp to submit a reply over the matter.

The government also denied either purchasing or planning to purchase the infamous software in question.

Also Read: Social Media Giant Facebook Still a Fertile Ground for Promoting Anti-vaccine Posts

The new vulnerability is found in Android versions prior to 2.19.274; iOS versions prior to 2.19.100; Enterprise Client versions prior to 2.25.3; Business for Android versions prior to 2.19.104; Business for iOS versions prior to 2.19.100; and Windows Phone versions before and including 2.18.368.

The RCE vulnerability may allow hackers to perform the attack remotely without any sort of authentication. (IANS)


Popular

VOA

This image released by Disney Theatrical Productions shows, from second left, Michael James Scott as Genie, Michael Maliakel as Aladdin, and Shoba Narayan as Jasmine after a performance of the Broadway musical "Aladdin" in New York on Sept. 28, 2021

As kids growing up in different states, Shoba Narayan and Michael Maliakel shared a love of one favorite film — "Aladdin." Both are of Indian descent, and in the animated movie, they saw people who looked like them.

That shared love has gone full-circle this month as Narayan and Maliakel lead the Broadway company of the musical "Aladdin" out of the pandemic, playing Princess Jasmine and the hero from the title, respectively.

Keep Reading Show less
VOA

Bottles of Jack Daniel's whiskeys are displayed at Rossi's Deli in San Francisco

Jack Daniel's is the world's most popular whiskey brand, but until recently, few people knew the liquor was created by Nathan "Nearest" Green, an enslaved Black man who mentored Daniel.

"We've always known," says Debbie Staples, a great-great-granddaughter of Green's who heard the story from her grandmother. … "He made the whiskey, and he taught Jack Daniel. And people didn't believe it … it's hurtful. I don't know if it was because he was a Black man."

Keep Reading Show less
Photo by Aksh yadav on Unsplash

Cricket fans can now book the ultimate experience with the official accommodation booking partner for the ICC Men's T20 World Cup

Cricket fans can now book the ultimate experience with the official accommodation booking partner for the ICC Men's T20 World Cup, Booking.com. The T20 Pavillion, a bespoke cricket-themed luxury stay that transforms the Presidential Suite at Grand Hyatt Mumbai Hotel and Residences into a classic cricket stadium.


The suite offers guests an all-inclusive once-in-a-lifetime experience during the India vs Pakistan ICC Men's T20 World Cup match on October 24, 2021, packed with quirks and luxuries that is sure to satisfy even the biggest cricket enthusiast. Additionally, as a part of the experience, guests will also have the exclusive opportunity to meet Bollywood actor Shraddha Kapoor at The T20 Pavilion.

Keep reading... Show less