The Computer Emergency Response Team India (CERT-In) has warned WhatsApp users against its vulnerability. The social media messaging group can be attacked while compromising an individual system without seeking any permission. The agency has issued an advisory regarding this matter calling the severity of the threat which is being spread by an MP4 file as “high”.
The advisory has been released followed by the recent developments where WhatsApp had informed the government of India in September that more than a hundred Indian users were targeted by Pegasus which is Israeli spyware.
The advisory quotes that, “vulnerability has been reported in social media messaging app which could be exploited by a remote attacker to execute arbitrary code on the target system.”
Notably, CERT-In is the central body that combats hacking, phishing and fortifies security-related defenses of the internet domain in India. The advisory also suggests upgrading the latest version of messaging app in order to deal with this problem.
It also described the malicious action of the vulnerability in the popular social messaging app and stated, “A stack-based buffer overflow vulnerability exists in messaging application due to improper parsing of elementary stream metadata of an MP4 file. A remote attacker could exploit this vulnerability by sending a specially crafted MP4 file to the target system.”
To recall, India has 400 million WhatsApp users which makes the country its biggest market. The agency warned that if users open the video file, the software will itself get installed in the smartphone device similar to Pegasus software. The latter is believed to have used against journalists and activists.
The Computer Emergency Response Team India further added that the vulnerability would have allowed malicious practitioners to access the phones and make unwanted changes to the device regardless of its geographical location.
The advisory added that this level of severity could trigger a buffer overflow condition leading to the execution of arbitrary code by the attacker. It further quoted that, “the exploitation does not require any form of authentication from the victim end and executes on downloading of malicious crafted mp4 file on victim’s system.”
According to CERT-In’s advisory, the successful exploitation of this vulnerability could enable the remote attacker to cause remote code execution (RCE) or denial of service (DoS) condition. Subsequently, this could lead to further compromise of the system.
It also stated that around six WhatsApp software have been affected by the current vulnerability – WhatsApp for Android prior to 2.19.274, WhatsApp for iOS prior to 2.19.100, WhatsApp Enterprise Client prior to 2.25.3, WhatsApp for Windows Phone prior to 2.18.368, WhatsApp Business for Android prior to 2.19.104 and WhatsApp Business for iOS prior to 2.19.100.
The tech giant which owns WhatsApp, Facebook has appealed to its users to make sure that they use the latest version of the messaging app on their device. The company also urged them to disable the automatic download feature of image and video files.
Reportedly, this vulnerability affects WhatsApp on all major platforms – Android, iOS and Windows. It also negatively impacts the home and business versions of the software.