Cyber security agency advisory to ’WhatsApp’ users

www.mangaloretoday.com

New Delhi, Nov 24, 2019: The CERT-In, an Indian cybersecurity agency, has warned WhatsApp users about the “vulnerability” that can compromise their individual account, even as the US-based company said that it is taking all security measures to address the concerns.

The Computer Emergency Response Team-India (CERT-In), a nodal agency to combat hacking and phishing, has issued an advisory in this context calling the severity of the threat, being spread by an MP4 file, as “high.” The agency also suggested WhatsApp users to upgrade their app to the latest version to tide over the problem.

“A vulnerability has been reported in WhatsApp which could be exploited by a remote attacker to execute arbitrary code on the target system,” the CERT-In said.

“A stack-based buffer overflow vulnerability exists in WhatsApp due to improper parsing of elementary stream metadata of an MP4 file. A remote attacker could exploit this vulnerability by sending a specially crafted MP4 file to the target system,” it warned.

The exploitation does not require any form of authentication from the victim end and executes on downloading of a malicious crafted MP4 file on victims system, it said.

The government agency said half-a-dozen WhatsApp software have been “affected” by the current vulnerability.

However, WhatsApp spokesperson said in this instance there is no reason to believe users were impacted.”

Separately, Facebook-owned company written to the government expressing “regret” over the Pegasus snooping row, and has assured that it is taking all security measures to address concerns.