Never miss a great news story!
Get instant notifications from Economic Times
AllowNot now


You can switch off notifications anytime using browser settings.
11,921.50-96.9
Stock Analysis, IPO, Mutual Funds, Bonds & More

WhatsApp identifies new holes, warns of malicious MP4 file

India is WhatsApp's biggest market with 400 million users. The development comes just weeks after WhatsApp sued Israeli company, NSO group, over the alleged misuse of their spyware Pegasus, that was installed in the phones of 1400 users, including...

, TNN|
Updated: Nov 18, 2019, 11.44 AM IST
0Comments
ICERT has issued a new vulnerability note, WhatsApp users are at risk again
ICERT has issued a new vulnerability note, WhatsApp users are at risk again
(This story originally appeared in on Nov 18, 2019)
NEW DELHI: WhatsApp has identified a vulnerability that could have been exploited through a malicious MP4 file. India's computer Emergency Response Team (Cert-in) described the vulnerability's severity rating as "high" and has advised users to update to the latest version of WhatsApp.

The vulnerability, identified as CVE-2019-11931, affected both Android and iOs systems but it is unclear if any users were impacted. The company has rolled out a security update.

"WhatsApp is constantly working to improve the security of our service. We make public reports on potential issues we have fixed consistent with industry best practices. In this instance, there is no reason to believe users were impacted," WhatsApp said in a statement on Sunday.

India is WhatsApp's biggest market with 400 million users. The development comes just weeks after WhatsApp sued Israeli company, NSO group, over the alleged misuse of their spyware Pegasus, that was installed in the phones of 1400 users, including at least 120 Indians. Many of those who were spied on were journalists, rights activists and lawyers.

In a post on it's securities and advisory page, WhatsApp's parent company Facebook confirmed the vulnerability on November 14. The post describes the vulnerability as "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user."

Although this description is vague, Cert-in website gives more details. It states that the vulnerability can be "exploited by a remote attacker to execute arbitrary code on the target system."

Also Read

WhatsApp ‘exits’ accounts of J&K users

WhatsApp snooping row: Baghel orders probe

WhatsApp introduces catalogs for small businesses

WhatsApp introduces 'Catalogs' for small businesses

Snooping boosts government's WhatsApp traceability case

Comments
Add Your Comments
Commenting feature is disabled in your country/region.
Download The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.

Other useful Links


Follow us on


Download et app


Copyright © 2019 Bennett, Coleman & Co. Ltd. All rights reserved. For reprint rights: Times Syndication Service