Home/ Technology / App News/  WhatsApp confirms no users were impacted by new vulnerability
Back

WhatsApp confirms no users were impacted by new vulnerability

 1 min read Prasid Banerjee 18 Nov 2019, 02:52 PM IST

The outcome of the vulnerability is similar to that of the recent Pegasus exploit, which allowed hackers to infiltrate and gain control by placing a missed call
  • All you need to do is make sure you’re not downloading such files from unknown sources

    • MP4 file formats are often used to share songs and other audio filesPremium
    MP4 file formats are often used to share songs and other audio files

    The India Computer Emergency Response Team (CERT-In) has issued a vulnerability note for WhatsApp users. Apparently, attackers can compromise your smartphone by sending a malicious MP4 file via the world’s most popular instant messaging service.

    The outcome of the vulnerability is similar to that of the recent Pegasus exploit, which allowed hackers to infiltrate and gain control over a user’s phone by simply placing a missed call. However, in this case the user will have to actually download the MP4 file that is being sent to him or her, which makes it slightly easier to monitor manually than the Pegasus exploit earlier.

    All you need to do is make sure you’re not downloading such files from unknown sources. MP4 file formats are often used to share songs and other audio files. “The script is executed only when the user has downloaded the file," explained ethical hacker and web security researcher Ehraz Ahmed.

    Since the attacker can execute any code they want on your phone, this vulnerability too would allow them to look at your texts, listen to you using your phone’s microphones etc, at least theoretically. “What code will run on your system will depend entirely on what level of access the attacker is looking for," Ahmed added.

    However, WhatsApp has confirmed that a patch had been issued for this vulnerability earlier, and that no users were harmed. “WhatsApp is constantly working to improve the security of our service. We make public, reports on potential issues we have fixed consistent with industry best practices. In this instance there is no reason to believe users were impacted," a WhatsApp spokesperson told Mint.

    According to CERT and Facebook’s advisories on the loophole, the following WhatsApp versions are affected by the vulnerability.

    • WhatsApp for Android prior to 2.19.274
    • WhatsApp for iOS prior 2.19.100
    • WhatsApp Enterprise Client prior to 2.25.3
    • WhatsApp for Windows Phone prior to 2.18.368
    • WhatsApp Business for Android prior to 2.19.104
    • WhatsApp Business for iOS prior 2.19.100


    That means if you are on any of these versions of WhatsApp, you should update to newer versions of the app. The current version of WhatsApp on Google Play seems to be version 2.19.330, while the iOS version stands at version 2.19.112.

    ABOUT THE AUTHOR
    Prasid Banerjee
    An engineering dropout, Prasid Banerjee has reported on technology in India for various publications. He reports on technology through text and audio, focusing on its core aspects, like consumer impact, policy and the future.
    Catch all the Technology News and Updates on Live Mint. Download The Mint News App to get Daily Market Updates & Live Business News.
    More Less
    Updated: 18 Nov 2019, 02:52 PM IST
    OPEN IN APP
    Recommended For You

    Wait for it…

    Log in to our website to save your bookmarks. It'll just take a moment.

    Yes, Continue

    You are just one step away from creating your watchlist!

    Login Now

    Wait for it…

    Oops! Looks like you have exceeded the limit to bookmark the image. Remove some to bookmark this image.

    Your session has expired, please login again.

    Yes, Continue
    ×
    Get alerts on WhatsApp
     Set Preferences My Reads Watchlist Feedback Redeem a Gift Card Logout