- Technology.WhatsApp introduces a new function: messages that self-destruct
- Tricks: Alert for a WhatsApp bug: update or your phone could be hijacked
- Tricks.WhatsApp incorporates its most anticipated function: it's over that anyone gets you into a group
- Technology.WhatsApp: So you can easily know which contacts are online and how many times they connect daily
Facebook , the company that owns WhatsApp , has discovered a "critical vulnerability" in WhatsApp that affects both Android and iOS devices and allows hackers to steal users' personal information stored in the 'app' by sending it to the same of a video in malicious MP4 format.
The company that owns WhatsApp, Facebook, has announced that in older versions of WhatsApp there is a vulnerability in the messaging application that can be used by cybercriminals to launch DoS (denial of service) or RCE (remote code execution) attacks.
"A buffer overflow ( stack-based buffer overflow ) could be triggered in WhatsApp by sending a specially crafted file to a WhatsApp user. This issue was present in the analysis of the elementary metadata of an MP4 file and can result in a DoS attack or RCE, "Facebook explained.
The DoS attack is based on the overload of the victims' systems so that their device or network is no longer available and can thus access the theft of their personal information. For its part, the RCE is a computer attack that consists of the cybercriminal being able to make the victim's device remotely execute the code, while he is in charge of developing his own programming to get complete access to the device. the victim
In this case, to access victim data, the hacker has to send an MP4 file to them through the application. If they open it, the cybercriminal exploits the vulnerability of the so-called buffer overflow application to launch DoS or REC attacks and steal the information stored in the application .
This vulnerability is a software error that occurs when a program does not adequately control the amount of data that is copied and stored in a memory designed for it. If the amount of data destined to be stored in it exceeds its capacity, the remaining 'bytes' are stored in adjacent memory areas, overwriting their original content, which usually belongs to data or codes stored in memory. This results in a vulnerability that can be exploited by a hacker to make malicious use of it .
According to the statement issued by Facebook , this vulnerability has affected both iOS and Android devices in older versions of WhatsApp. The error was patched with the update on October 3 , but it still affects devices with outdated software .
Specifically, versions of Android prior to 2.19.274, those of iOS prior to 2.19.100, versions of Enterprise Client prior to 2.25.3, those of Windows Phone earlier and including 2.18.368, those of Business for Android are affected prior to 2.19.104, and Business for iOS prior to 2.19.100.
According to the criteria of The Trust Project
Know moreCrimeWhatsApp denounces an Israeli spy company for hacking its users
MobileWhatsApp hardens your access requirements
Actualidad EconómicaWorldcoo, the most countercultural startup in Spain