WhatsApp, like other smartphone apps such as Telegram and Snapchat, it is not exempt from suffering from certain security holes that compromise the data of its users. This has been evident in the past, as well as now, which deals with another problem that can affect the privacy of an unspecified number of people.
The new WhatsApp problem that occurs today has to do with malicious MP4 files. This has been officially communicated by Facebook, so it is already being investigated and will soon be ending.
In detail, according to what has been revealed, the MP4 can activate the tag by sending a specially crafted MP4 file. The potential hacker can inject code by parsing the elemental stream metadata of an MP4 file that could cause DoS (denial of service attack) or can even initiate remote code execution. You do not need any authentication to perform the attack remotely. The company has classified the vulnerability as 'Critical' due to the serious consequences it could cause if someone misuses the loophole.
The critical bug is found in WhatsApp versions prior to 2.19.274 on Android and iOS versions prior to 2.19.100. Similarly, the problem is present in Enterprise client versions 2.25.3 and earlier; Windows versions included and prior to 2.18.368; Business for Android version 2.19.104 and earlier; Business for iOS versions prior to 2.19.100.
Hackers can inject malware or any explicit code that might have compromised the data and essential information of various users. It can even become a back door for surveillance purposes. However, the problem was found by the internal team and was not disclosed by any researcher or analyst. But no one knows that someone could have used it to intercept the data.
We hope that the company will release an immediate update patching the bug. The issue can be addressed under the code 'CVE-2019-11931'.
