The latest update of the app fixes the vulnerability that allowed attackers to use malicious GIF files to access user content.
WhatsApp, the encrypted messaging service that pretty much every Android and iOS user relies on as their primary text-based communication tool, has been facing issues lately. The brand, now owned by Facebook, came under the crosshairs when a recent scandal came to light in India. Now there is yet another threat from the app, one that targets both Android and iOS users at large.
A bug discovered by a security researcher last month allowed attackers to use malicious GIF files to possibly access user content. Once downloaded to your phone, the GIF sent by the attacker could access the gallery and send images back to the attacker.
Now Facebook has confirmed another vulnerability. The company describes it this way: “a stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user.” This means that when an attacker sends such malware to your phone, disguised as a video file, the file itself could trigger remote access, which the attacker could use to control your device remotely. The attacker may also use the file simply to eavesdrop on your communications, in which case you wouldn’t even notice that something is wrong until it is too late.
The best way to make sure you are not targeted through vulnerabilities like these, which pop up time and time again, is to always stay updated to the latest version of WhatsApp. That ensures the app version you have is up to date with fixes and patches for all such bugs out there. Upgrading to version 2.19.274 on Android, and to version 2.19.100 on iPhones, should keep you safe.
A good practice to follow is to keep automatic downloading turned off. Since malware can now be disguised as both pictures and videos, not having these files in your phone’s local storage is the ultimate precaution you can take. Download images, videos and recordings only from trusted sources. Beware of forwarded messages, which often come with accompanying clickbait text that tries to lure you into downloading these files.