WhatsApp flaw could have let hackers take control of a phone via an MP4 file

Have you received a strange MP4 file on WhatsApp recently? It’s probably best to avoid downloading it — at least until you update to the latest version. WhatsApp recently fixed a vulnerability that could have allowed hackers to send a specially coded MP4 file, and then remotely take control of a phone and access the messages and files stored on that device.

The flaw is known as CVE-2019-11931, and it affected Android devices with WhatsApp versions before 2.19.274, and iPhones with WhatsApp versions before 2.19.100. Currently, there doesn’t seem to be any indication that the flaw was actually exploited. Facebook, which owns WhatsApp, says the issue was discovered internally — not through any known attacks or a third-party security researcher.

“WhatsApp is constantly working to improve the security of our service. We make public reports on potential issues we have fixed consistent with industry best practices,” said a Facebook spokesperson in a statement to The Hacker News. “In this instance, there is no reason to believe that users were impacted.”

There isn’t much extra information about the vulnerability or how it works, but as long as users update to the latest version of WhatsApp, they shouldn’t have any issues.

Recently, WhatsApp sued Israeli mobile surveillance company NSO Group over an exploit that was used to attack hundreds of different phones. These included the likes of human rights defenders, journalists, and more. This particular attack disguised malicious code as call settings, and allowed the attackers to deliver code to phones as if it came from WhatsApp’s servers. Once the initial code was delivered, attackers were able to inject more malicious code into a device’s memory. In total, 1,400 devices were affected.

In general, it’s recommended to ensure that all your apps are kept up to date, so as to make sure that any security issues are patched. There are other things you can do to ensure that your phone remains uncompromised. For example, if you have an Android phone, you can make sure to only download apps from the Google Play Store. It’s also important to always make sure that your version of Android or iOS is the latest version — especially considering the fact that security vulnerabilities often exist in the operating system.