In order to fulfill the basic functions of our service, the user hereby agrees to allow Xiaomi to collect, process and use personal information which shall include but not be limited to written threads, pictures, comments, replies in the Mi Community, and relevant data types listed in Xiaomi's Private Policy. By selecting "Agree", you agree to Xiaomi's Private Policy and Content Policy .
Agree

Tech

[News] WhatsApp confirms no users were impacted by new vulnerability

2019-11-18 23:28:22
373 8
The India Computer Emergency Response Team (CERT-In) has issued a vulnerability note for WhatsApp users. Apparently, attackers can compromise your smartphone by sending a malicious MP4 file via the world’s most popular instant messaging service.

The outcome of the vulnerability is similar to that of the recent Pegasus exploit, which allowed hackers to infiltrate and gain control over a user’s phone by simply placing a missed call. However, in this case the user will have to actually download the MP4 file that is being sent to him or her, which makes it slightly easier to monitor manually than the Pegasus exploit earlier.

All you need to do is make sure you’re not downloading such files from unknown sources. MP4 file formats are often used to share songs and other audio files. “The script is executed only when the user has downloaded the file," explained ethical hacker and web security researcher Ehraz Ahmed.

Since the attacker can execute any code they want on your phone, this vulnerability too would allow them to look at your texts, listen to you using your phone’s microphones etc, at least theoretically. “What code will run on your system will depend entirely on what level of access the attacker is looking for," Ahmed added.

However, WhatsApp has confirmed that a patch had been issued for this vulnerability earlier, and that no users were harmed. “WhatsApp is constantly working to improve the security of our service. We make public, reports on potential issues we have fixed consistent with industry best practices. In this instance there is no reason to believe users were impacted," a WhatsApp spokesperson told Mint.

According to CERT and Facebook’s advisories on the loophole, the following WhatsApp versions are affected by the vulnerability.

WhatsApp for Android prior to 2.19.274
WhatsApp for iOS prior 2.19.100
WhatsApp Enterprise Client prior to 2.25.3
WhatsApp for Windows Phone prior to 2.18.368
WhatsApp Business for Android prior to 2.19.104
WhatsApp Business for iOS prior 2.19.100

That means if you are on any of these versions of WhatsApp, you should update to newer versions of the app. The current version of WhatsApp on Google Play seems to be version 2.19.330, while the iOS version stands at version 2.19.112.

Source

2019-11-18 23:28:22
Favorites2 RateRate

Master Bunny

ABHIMANYU KHADSE | from Redmi Note 7 Pro

#1

GOOD TO KNOW FROM U AS ALWAYS
2019-11-19 05:13:14

Grandmaster Bunny

Centurions Author | from Redmi Note 5 Pro

#2

ABHIMANYU KHADSE
GOOD TO KNOW FROM U AS ALWAYS

thank you
2019-11-19 05:16:46

Semi Pro Bunny

thelip | from Redmi Note 8 Pro

#3

sukriya
2019-11-19 05:19:40
dhilip
2019-11-19 08:06:29

Master Bunny

Vikas2912 | from Redmi Note 7 Pro

#5

thanks for sharing
2019-11-19 08:10:04

welcome
2019-11-19 09:09:48

Master Bunny

Nitesh Varotariya | from Redmi Note 3

#7

nice information
2019-11-19 11:08:49

Grandmaster Bunny

Centurions Author | from Redmi Note 5 Pro

#8

Nitesh Varotariya
nice information

thanks
2019-11-19 21:43:10
please sign in to reply.
Sign In Sign Up

Centurions

Grandmaster Bunny

  • Followers

    240

  • Threads

    503

  • Replies

    7929

  • Points

    25253

3 Days Check-In
7 Days Check-In
21 Days Check-In
40 Days Check-In
70 Days Check-In
100 Days Check-In
2019
Throwback With Mi 2018
Xiaomi's 9th Birthday
MIUI 11

Read moreGet new
Copyright©2016-2019 Xiaomi.com, All Rights Reserved
Content Policy
Quick Reply To Top Return to the list