This would be a “a critical vulnerability” that would affect both iOS devices as the Android. The company recommends to update the application to resolve the problem.
Facebook, owner of WhatsApp, has discovered a “critical vulnerability” in WhatsApp, which affects both the Android devices such as the iOS and allows hackers to steal the personal information of the users stored in the application by sending them an MP4 video malicious.
The owner of WhatsApp, Facebook, has announced that in the previous versions of WhatsApp a vulnerability exists in the e-mail application that can be used by hackers to launch DoS attacks (denial of service) or RCE (remote code execution).
“You can activate a buffer overflow based on a stack in WhatsApp by sending a specially crafted file to a user of WhatsApp. This problem was present in the analysis of the metadata blocks of an MP4 file and can lead to a DoS attack, or CERS,” explains Facebook.
The DoS attack is based on overloading the systems of the victim so that the device or network of the victim is no longer available to access the theft of your personal information. The RCE, on the other hand, is a computer attack in which the cybercriminal can cause code to be executed remotely by the device of the victim, while he is responsible for developing its own programming to get full access to the device of the victim.
In this case, to access the data of the victims, the hacker needs to send a MP4 file to the victim through the application. If open, the attacker exploits the vulnerability of the application of overflow of the stack buffer to launch DoS attacks or REC and steal the information stored in the application.
This vulnerability is a software error that occurs when a program does not adequately track the amount of data copied and stored in a memory designed for this purpose. If the amount of data to store exceeds its capacity, the “bytes” remaining are stored in areas of memory adjacent overwriting its original content, which usually belongs to data or codes stored in memory. The result is a vulnerability that can be exploited by a hacker for malicious use.
According to a statement from Facebook, this vulnerability has affected both iOS devices as Android devices in earlier versions of WhatsApp. The error was corrected with the update of October 3, but still affect the devices with outdated software.
More concretely, the versions of Android prior to version 2.19.274, the versions of iOS prior to version 2.19.100, the versions of Enterprise Client prior to version 2.25.3, versions of Windows Phone prior to version 2.18.368 included, the versions of Business for Android prior to version 2.19.104 and versions of Business for iOS prior to version 2.19.100 are affected.