Hackers can use a WhatsApp flaw in the way it handles video to take control of your phone
0Reported today on TechSpot
For the full article visit: http://bit.ly/35joElj
Hackers can use a WhatsApp flaw in the way it handles video to take control of your phone
Facebook fixed the issue in the latest app update
A hot potato: As Facebook is working to unify the backend of social and messaging platforms it owns, a new flaw shows the company still has a lot of work left to do on the security front. After the Facebook app was hit by a bug that opens the camera in the background, the company quietly fixed another one present in WhatsApp that could prove even more dangerous.
Facebook has disclosed a vulnerability in WhatsApp that allowed an attacker to take complete control over your smartphone by creating a special MP4 file and sending it to you. Because of the way it is coded, playing the file would force the app to write more data to a buffer than it's allowed, causing a buffer overflow. In turn, that makes it possible for attackers to corrupt the data in your phone's RAM to steal chat messages or remotely access files stored on the device.
The flaw was quietly patched by Facebook in a recent update, so it's worth keeping in mind that you shouldn't open any video file you've received until you make sure you're running the latest version. The issue affects iPhones running WhatsApp versions before 2.19.100, Android versions prior to 2.19.174, and even Windows Phone versions before and including 2.18.368 -- which isn't going to be patched for the estimated 10 million people who are still using the platform.
A Facebook spokesperson said in a statement that "WhatsApp cares deeply about the privacy of our users and we're constantly working to enhance the security of our service. We make public reports on potential issues we have fixed consistent with industry best practices." The