CERT-In asks users to update WhatsApp after finding MP4 video file vulnerability


The Indian Computer Emergency Response Team (CERT-in), a node agency that deals with cybersecurity-related threats, asked Indian WhatsApp users to update their applications after Facebook recently reported aMP 4 video file vulnerabilities.

“A stack-based buffer overflow vulnerability exists in WhatsApp due to incorrectly parsing the basic metadata of MP4 files. Remote attackers can attack this vulnerability by sending a carefully constructed MP4 file to the target system. This could trigger a buffer An overflow condition caused an attacker to execute arbitrary code. This attack does not require the victim to provide any form of authentication and is performed when a malicious MP4 file is downloaded maliciously, “CERT-in said on its website.

The agency said that remote hackers could use the vulnerability to execute arbitrary code on the target device

“Successful exploitation of this vulnerability could allow remote attackers to cause remote code execution (RCE) for denial of service (DoS) conditions, further jeopardizing the system,” it added.

But WhatsApp said no users were affected by the new vulnerability.

He said: “WhatsApp has been working to improve the security of our services. We announced that we have reported potential issues that we have pinned with industry best practices. In this case, there is no reason to believe that users have been affected,” WhatsApp spoke People told Mint.

According to Facebook’s advice, Android versions before 2.19.274, iOS versions before 2.19.100, enterprise client versions before 2.25.3, Android versions before 2.19.104, iOS versions before 2.19.100, and 2.18 Vulnerabilities exist in versions of Windows Phone prior to .368.

Also read: WhatsApp Vulnerability, Putting User Data at Risk

WhatsApp was recently hacked using Pegasus, a spyware made by the Israeli NSO Group. Spyware exploited a vulnerability in the WhatsApp video calling feature, allowing hackers to spy on 1,400 individuals around the world. Some users in India have also become targets of Pegasus spyware. The Indian government asked the instant messaging company to explain the hacking of spyware.

“We agree with the strong statement of the Indian government regarding the need to protect the privacy of all Indian citizens. That is why we have taken this powerful action to hold cyber attackers accountable, and why WhatsApp is so committed to protecting all user information through our products “WhatsApp spokesperson said.

Solemnly declare: The copyright of this article belongs to the original author. The reprinted article is only for the purpose of disseminating more information. If the author’s information is incorrectly marked, please contact us to modify or delete it immediately.

.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *