The Indian Computer Emergency Response Team (CERT) has noted a vulnerability in WhatsApp that allows a remote attacker to attack phones by calling a remote attacker Format Vulnerability CIVN-2019-0181 has been categorized as "Severity High." The WhatsApp issue affects Android and iOS users like the company n and the CERT have recommended.
According to the security message communicated by WhatsApp, WhatsApp can trigger a batch-based buffer overflow by sending a specially crafted message MP4 file to a WhatsApp user. A remote attacker could exploit this vulnerability by sending a specially crafted MP4 file to the target system.
The new threat is expected to trigger a buffer overflow that causes the attacker to execute arbitrary code. Moreover, the exploitation does not require authentication by the victim. It is executed when downloading a maliciously crafted MP4 file to the recipient system that can be sent by anyone who has access to a user's mobile phone number used for WhatsApp.
The security message reads: "This vulnerability could be exploited successfully Allow the remote attacker to cause conditions such as Remote Code Execution (RCE) or Denial of Service (DoS) that could further endanger the system. "An RCE attack is typically used to run malware on the device, and the attack is made to steal information from the device without the user knowing.
Explains: What is the Israeli spyware Pegasus that monitored WhatsApp?
In the recommendation of WhatsApp it is also found that the problem is the Android version before v2.19.134, WhatsApp Business for Android before v2.19.44, WhatsApp for iOS before v2.19.51, WhatsApp Business for iOS before v2.19.51, WhatsApp for Windows Phone before v2.18.348 and WhatsApp for Tizen before v2.18.15.
However, a WhatsApp spokesman gave no reason to believe that the users were affected. "WhatsApp is constantly working to improve the security of our service. We publish reports of potential issues that we have resolved in line with industry best practices, "the statement says. However, users are recommended to upgrade to the latest version that resolved the problem.
The Facebook recommendation contains no further details about the problem. All we know is that the attacker could exploit the bug to target the system, which sounds similar to most malware or spyware programs.
WhatsApp is currently in the limelight after the Pegasus snooping case, in which an Israeli-based spyware maker uncovering the NSO group used its sophisticated spyware to attack the messaging app and then hack into phones. Pegasus has exploited a bug in the WhatsApp video call feature and has complete control of the device, including its phone calls and messages, after installation on the device, and can even be used to remotely turn on the camera or microphone.