WhatsApp users' safety and privacy may have been compromised due to a new security vulnerability discovered in the messaging app. According to reports, a new, critical security vulnerability -- CVE-2019-11931 -- was discovered in WhatsApp. The vulnerability if exploited could allow an attacker to execute a Denial of Service (DoS) attack on WhatsApp, thus affecting its service.
The issue was found in both WhatsApp Messenger for Android and iOS. The cyber-attack starts with hackers sending a specially crafted MP4 file to a WhatsApp user that triggers a remote code execution and Denial of Service (DoS) attack.
As per an advisory issued by Facebook, the following is the list of WhatsApp versions affected by the vulnerability.
"A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.
The news comes at a time when serious safety and privacy concerns are being raised due to Facebook's lawsuit against an Israeli software company NSO Group for allegedly hacking into WhatsApp accounts. WhatsApp spyware scare caused by Pegasus intensified after Facebook acknowledged that Indian journalists and human rights activists were among those globally spied upon by unnamed entities using the software.
"We agree with the government of India's strong statement about the need to safeguard the privacy of all Indian citizens. That is why we've taken this strong action to hold cyber attackers accountable and why WhatsApp is so committed to the protection of all user messages through the product we provide," a WhatsApp spokesperson had said in a statement.