WhatsApp’s parent company Facebook recently posted an advisory stating that a flaw which allowed MP4 files to be exploited has been patched in recent updates. The security flaw is present on WhatsApp versions prior to 2.19.274 on Android, and 2.19.100 on iOS. This also applies to prior versions of the Enterprise and Business versions of the application found on both platforms.
The exploit works by allowing attackers to send a file posing as an MP4 video to an unsuspecting user’s device which remotely executes a malicious code if the file is accessed. The infected file could result in a DoS (denial of service) or RCE (remote code execution) which could lock users out of certain applications or their phone, as well as giving hackers access to view and obtain sensitive information.
Speaking to The Next Web in regards to this exploit, a WhatsApp spokesperson stated the bug has not affected any of its users, but it’s advisable that they should update to the latest version of the application. The spokesperson also added that the messaging service will continue to locate any potential threats and further improve the application’s security.
For our reader’s reference, the current version of the WhatsApp application on Android is 2.19.336, while on iOS devices is version 2.19.112.