Wednesday, October 21, 2020
Home Lead Story No User Data Affected From New MP4 File Bug, Claims WhatsApp

No User Data Affected From New MP4 File Bug, Claims WhatsApp

The RCE vulnerability may allow hackers to perform the attack remotely without any sort of authentication

WhatsApp on Monday said no user data was affected owing to a new bug where a specially-crafted malicious MP4 file may have used the vulnerability to trigger the remote code execution (RCE) and denial of service (DoS) cyber attack when downloaded by a user on both Android and iOS devices.

Reports on Sunday claimed that hackers can use the WhatsApp vulnerability to deploy the malware on the user’s device to steal sensitive files and snoop on them — the way an Israeli software Pegasus developed by cyber intelligence company NSO Group did by exploiting the video calling system in the Facebook-owned to snoop on 1,400 selected users globally and in India, including human rights activists and journalists.

“WhatsApp is constantly working to improve the security of our service. We make public, reports on potential issues we have fixed consistent with industry-best practices. In this instance, there is no reason to believe users were impacted,” a company spokesperson said in a statement shared with IANS.

The micro-blogging platform has already issued a security update on this bug.

Facebook had earlier issued an advisory, saying “a stack-based buffer overflow could be triggered in WhatsApp by sending a specially-crafted MP4 file to a WhatsApp user.”

“The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.”

Whatsapp
Security experts have warned that blaming Whatsapp for the spyware would not be right. Pixabay

The vulnerability is classified as “critical” severity that affected an unknown code block of the component MP4 File Handler in WhatsApp.

The Pegasus-NSO Group issue snowballed into a political one, with the Indian government directing WhatsApp to submit a reply over the matter.

The government also denied either purchasing or planning to purchase the infamous software in question.

Also Read: Social Media Giant Facebook Still a Fertile Ground for Promoting Anti-vaccine Posts

The new vulnerability is found in Android versions prior to 2.19.274; iOS versions prior to 2.19.100; Enterprise Client versions prior to 2.25.3; Business for Android versions prior to 2.19.104; Business for iOS versions prior to 2.19.100; and Windows Phone versions before and including 2.18.368.

The RCE vulnerability may allow hackers to perform the attack remotely without any sort of authentication. (IANS)

STAY CONNECTED

19,120FansLike
362FollowersFollow
1,781FollowersFollow

Most Popular

COVID-19 Can Lead to Infertility in Men, says Study

COVID-19 can cause male infertility by harming the testicular cells which produce sperms thereby making it difficult to make the female pregnant, says a...

Fashion Trends to Look Your Best in this Festive Season

It's a time to pause, to relook, to rethink - It's the time to revive the spirits. This year festivities will not be like...

Perfect Hairstyle Tips for the Festive Celebrations

It's Durga Puja time! It's the most awaited period of the year for many of us. And if you are among the ones who...

Proper Ventilation Key Factor to Prevent COVID Spread

New research adds to the growing body of evidence that effective or proper indoor ventilation may be a key factor in preventing the spread...

The 21-Day Immunity Plan To Follow: Book Review

With 80 percent of chronic disease attributable to lifestyle and linked environmental factors and within the lifestyle hierarchy, poor diet being the most important...

Tattoos May Impair Natural Sweating and Cause Overheat of Body

Researchers have found that tattoos may impair natural sweating, potentially causing the body to overheat if the tattoos cover a large area of the...

Amazon Allowing Work From Home Untill June 2021

Amazon is allowing its corporate employees to avail of the work from home option, if their roles permit, till June 2021. Amazon had earlier said...

Netflix Has Much Work to Do in Indian Market

Content streaming giant Netflix which reported slow growth in its third-quarter (July-September period) despite the social distancing times admitted that it has much work...

Recent Comments