New WhatsApp Bug Enables Hacking and DoS Attacks Through Crafted MP4 Files


A new risky threat has been identified in the WhatsApp versions for both Android and iOS devices. The bug allows hackers to send tampered MP4 files to WhatsApp users, which enables DoS and remote code execution (RCE) attacks. WhatsApp is one of the most popular social media apps in the world, with billions of Android and iOS users. The threat is categorized as a “Risky” vulnerability affecting a code block that handles MP4 files in WhatsApp. The bug is triggered on the user's device by manipulated input that corrupts the memory of WhatsApp Messenger.



The vulnerability allows hackers to use the bug on the user’s smartphone to steal important data and to surveil user activity. “The bug can activate a stack-based buffer in the user's WhatsApp account by transmitting tampered MP4 folders. The problem was already breaking down the primary metadata of the MP4 files. This could lead to an RCE or DoS attack,” says the Facebook advisory board on behalf of WhatsApp.

About the RCE Vulnerability

In an RCE attack, attackers deliberately exploit a remote code execution vulnerability to run malware. RCE can have harmful results on a network: by forcing the affected system to execute code, the attacker can carry out their own actions on it. The threat also enables hackers to execute the attack without any kind of authentication. The vulnerability is tracked as CVE-2019-11931. It is not the first time that such an attack has occurred on WhatsApp; another similar RCE attack was discovered last month that allowed hackers to steal files from users' WhatsApp accounts using malicious GIFs.

As of now, no factual details about the vulnerability are available. The experts are still investigating the issue. "No proof was found for the vulnerability that caused the exploit," a WhatsApp spokesperson told GBHackers. He further says, “WhatsApp is steadily striving to upgrade the safety of our assistance. We give open statements on possible problems that we have solved steadily with management friendly manners. In this case, there is no evidence to assume users were affected.”


from E Hacking News - Latest Hacker News and IT Security News https://ift.tt/2rf0JEF