Facebook has this week closed a vulnerability in chat app WhatsApp that made it possible to install malicious software on a smartphone with the sending of a video file.
The malicious code was processed in the metadata of the file, which normally contains extra information about the file. The vulnerability has probably never been abused, WhatsApp says in a statement to Hackernews .
The leak made it possible to install malicious spyware on someone else's smartphone, for example, but also to use the smartphone for so-called Denial-of-Service attacks (DoS) on servers. The only thing the hacker needed was the phone number of the target and an MP4 file with code changes.
The vulnerability was found in both consumers and business versions of WhatsApp. It has been fixed in the latest update of the popular chat app.