WhatsApp reveals a new vulnerability that allows hackers to access third-party conversations, photos and video by sending an MP4 video file with malicious code.
WhatsApp has confirmed that they have detected a bug in the application that would allow anyone with the right knowledge to spy on third-party conversations and even take control of the smartphone by sending a video file in MP4 format with malicious code.
The bug is present in WhatsApp for iOS in versions 2.19.100 or less and for Android in versions 2.19.274 or less. It also affects WhatsApp Business , especially serious in these cases of the possibility of accessing data remotely.
The news has been known through a discreet security note published by Facebook – who acquired WHatsApp a few years ago – on November 14. The affected versions are quite recent, last October. It is understood that the ruling has already been resolved but potentially hundreds of millions of people could have an old version of the app and be victims of the attack.
It is not the first time WhatsApp accepts that a vulnerability in your app can be exploited by simply sending a file, which can be as “innocent” as a video. Last October it was discovered that a GIF with extra malicious code gave access to all the file folders of the application, thus accessing conversations, videos and photos.
The point-to-point encryption offered by WhatsApp and which it has presumed as one of its major differences does not necessarily protect access to data in this type of vulnerability.
The company has also not reported whether it is a revelation by a group of hackers or its own discovery that they have decided to disclose. As always, the best way to be sure is to keep the applications updated to the latest possible version, in addition to the operating system.