The Computer Emergency Response Team-India (CERT-In), an Indian cyber security agency has issued an advisory to all users of social media platform WhatsApp. CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian internet domain.
The agency has warned WhatsApp users against a “vulnerability” that can attack this popular social media messaging app and compromise individual system without seeking permissions. The advisory suggested “upgrading” to the latest version of WhatsApp to combat the problem.
“A stack-based buffer overflow vulnerability exists in WhatsApp due to improper parsing of elementary stream metadata of an MP4 file. A remote attacker could exploit this vulnerability by sending a specially crafted MP4 file to the target system. The exploitation does not require any form of authentication from the victim end and executes on downloading of malicious crafted mp4 file on victim’s system,” the advisory said.
Successful exploitation of this vulnerability could allow the remote attacker to cause remote code execution (RCE) or denial of service (DoS) condition, which could lead to further compromise of the system.
Half-a-dozen WhatsApp software have been “affected” by the current vulnerability. They have been identified as WhatsApp for Android prior to 2.19.274, WhatsApp for iOS prior to 2.19.100, WhatsApp Enterprise Client prior to 2.25.3, WhatsApp for Windows Phone prior to 2.18.368, WhatsApp Business for Android prior to 2.19.104 and WhatsApp Business for iOS prior to 2.19.100.