WhatsApp has been hit by a security vulnerability that allows hackers to target victims using a specially-crafted MP4 file.
The specially crafted MP4 file triggers the remote code execution (RCE) and denial of service (DoS) cyber-attack. Users are recommended to update their WhatsApp app to avoid being targeted.
Facebook has issued an advisory, saying “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user.”
“The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.”
Hackers can use the WhatsApp vulnerability to deploy the malware on the user’s device to steal sensitive files and also used to surveillance purpose.
“The RCE vulnerability allows hackers to perform the attack remotely without any sort of authentication,” claimed a report on gbhackers.com.
This new vulnerability comes days after an Israeli software Pegasus exploited WhatsApp’s video calling system to snoop on 1,400 selected users globally.