WhatsApp is the most used messaging platform. It has been affected by so many vulnerabilities. Recently it got hit by “Pegasis Malware”. As WhatsApp recovered from this vulnerability, it got hit by another. WhatsApp announced that hackers are using another Pegasus like malware to control and steal data from a user’s device.
Pegasus used the video calling feature of the app to gain access to a device, This new malware can enter in a device with mp4 video format. A security message notified by WhatsApp’s parent company Facebook said, “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user.”
This vulnerability could allow a hacker to force “Denial of Services (DoS) and Remote Code Execution (RCE)” which could be used to compromise any device running Android, iOS or Windows. A hacker could use a person’s cell number to send a video file through WhatsApp and install an unwanted program in their phones exploiting such vulnerability. This security issue exists on both individual and business versions of the popular messaging app until the updates were rolled out in October earlier this year.
Facebook confirmed that WhatsApp for Android versions prior to 2.19.274, WhatsApp for iOS versions prior to 2.19.100, the Enterprise Client versions prior to 2.25.3, the Windows Phone versions before and including 2.18.368, the WhatsApp For Business for Android versions prior to 2.19.104, and WhatsApp For Business for iOS versions prior to 2.19.100 are affected.
WhatsApp has claimed that they have released a patch for this malware that can be downloaded from Play Store.