A new WhatsApp security vulnerability leaves users’ files and messages exposed to access from attackers.
Facebook issued a security advisory last week which warned WhatsApp Messenger users that a modified MP4 video file could be used to initiate remote code execution (RCE) and denial of service (DoS) attacks.
“A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user,” the advisory stated.
The susceptibility could make it possible for malicious actors to gain access to messages and files stored on a compromised device.
Both the consumer versions of the Android and iOS app, as well as the Enterprise and Business editions have been affected.
Facebook said that Android versions prior to 2.19.274 and iOS versions older than 2.19.100 are vulnerable.
Latest updates fix the issue
WhatsApp has rolled out a patch for the vulnerability, meaning that more recent versions than those mentioned above, should be safe from attack.
Users who are running older versions of WhatsApp are encouraged to update their app.
According to Softpedia, there appear to be no reported cases of exploits of the flaw at this time.
News of this vulnerability follows the discovery of a previous exploit in WhatsApp’s Calling feature, which made it possible to install malware on a targeted device, giving hackers total control of the victim’s smartphone.
At the end of last month, WhatsApp announced it was suing Israeli-based cyber intelligence organisation NSO Group for its suspected involvement in the development of this malware.