Facebook-owned WhatsApp has confirmed a security exploit in its app on iOS, Android, and Windows Phone that allowed hackers to access users WhatsApp messages and data using a backdoor.
In a Security Advisory note published by Facebook, they state:
Description: A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100.Facebook security advisory
Facebook makes clear, the latest version of its applications are not affected, only those listed in the note. A WhatsApp spokesperson also made clear they believe no users were affected, telling Forbes:
“is constantly working to improve the security of our service. We make public reports on potential issues we have fixed consistent with industry best practices. In this instance there is no reason to believe users were impacted.”WhatsApp spokesperson
Reportedly, a hacker would be able to gain access by sending an MP4 file to a targeted user’s phone number. Hence, it would then provide the ability for remote code execution attacks.
If there are any developments to this story, this page will be updated, for the utmost latest, follow us on Twitter @AppleTerminal