Even as WhatsApp continues to deal with the Pegasus spyware attack, the instant messaging platform has confirmed that its users are facing a new risk. The Facebook-owned app has revealed a new vulnerability that allows hackers to take control of a user’s WhatsApp data - yes, even the data on their smartphones. Notably, the new threat puts both Android as well as iOS users at risk. WhatsApp says that users can be at risk as hackers send them an infected video file in MP4 format and take control of their smartphones.

WhatsApp users who have been affected

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

The issue has been noticed in certain versions of the operating systems. It is confirmed that WhatsApp for Android versions prior to 2.19.274, WhatsApp for iOS versions prior to 2.19.100, the Enterprise Client versions prior to 2.25.3, the Windows Phone versions before and including 2.18.368, the WhatsApp For Business for Android versions prior to 2.19.104, and WhatsApp For Business for iOS versions prior to 2.19.100 are affected.

WATCH Zee Business TV LIVE Streaming Online -

How WhatsApp users' smartphones are compromised

“A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100,” notes the advisory issued by Facebook.

What WhatsApp users can do to stay safe

The only way to avoid this threat for now is to update to the latest version of WhatsApp. Also, users are advised to switch off auto-download option for media files to ensure that no malicious files are installed on the device.

The platform is trying to recover from a controversy after confirming that a spyware was being used by Israel based company NSO Group to spy on government officials, journalists, activists, lawyers, and various countries globally, including India. WhatsApp has even sued NSO Group, which had long been suspected in the WhatsApp cyberattack that happened earlier this year.