How to protect against the new internal WhatsApp flaw that makes spyware infection easier for hackers

Day by day, the controversy surrounding WhatsApp hacking is fueled by new incidents, leaving the world’s most popular messaging platform weaker and unsafe.

Today is one of those days: cybersecurity researchers have just announced that WhatsApp is apparently quietly working on a patch for a new critical vulnerability in the app. If hackers exploit this flaw, they could remotely compromise targeted devices and potentially steal secured chat messages and files stored on them.

If you received a random, unexpected MP4 video file over WhatsApp from an unknown number in recent months, you are in danger!

Sadly, the WhatsApp MP4 vulnerability came just two weeks after Facebook sued the NSO Group for misusing the WhatsApp service to target its users.

However, at least in India, the social media giant itself came under investigation by the government, which raised questions about the security of its end-to-end encrypted app rather than going after NSO Group for targeting a huge number of its citizens.

Flaw analysis:
The flaw was investigated by cybersecurity researchers and is now identified as CVE-2019-11931.
This kind of problem is nothing new: it is a stack buffer overflow caused by the way previous WhatsApp versions parse the elementary stream metadata of an MP4 file. If exploited, it results in a denial-of-service or remote code execution attack.

Hackers can easily exploit the vulnerability remotely. All they need is the targeted victim's phone number in order to send a maliciously crafted MP4 file over WhatsApp; this file is specially crafted to silently install a malicious backdoor or spyware app on the compromised device.

Who is affected?
Sadly, almost everyone. The flaw impacts users as well as companies that use WhatsApp on all major platforms, including Google Android, Apple iOS, macOS, and Microsoft Windows.

The specific list of affected WhatsApp versions is as follows:
Android versions before 2.19.274
iOS versions before 2.19.100
macOS versions before 0.3.5374
Enterprise Client versions before 2.25.3
Windows Phone versions before and including 2.18.368
Business for Android versions before 2.19.104
Business for iOS versions before 2.19.100
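
To check a set of devices against the version list above, here is an added example (not part of the original article, and not WhatsApp's own tooling). The platform labels, CSV columns and device names are hypothetical; only the version thresholds come from the list.

```python
import csv
import io

# Thresholds from the affected-version list above; the key names are hypothetical labels.
# The flag is True when the listed version itself is affected ("before and including").
AFFECTED = {
    "android": ("2.19.274", False),
    "ios": ("2.19.100", False),
    "macos": ("0.3.5374", False),
    "enterprise": ("2.25.3", False),
    "windows-phone": ("2.18.368", True),
    "business-android": ("2.19.104", False),
    "business-ios": ("2.19.100", False),
}

def parse_version(text):
    """Turn '2.19.98' into (2, 19, 98, 0) so 98 < 274 compares numerically, not as text."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def is_affected(platform, version):
    """Return True or False per the list, or None when the row cannot be judged."""
    entry = AFFECTED.get(platform.strip().lower())
    if entry is None:
        return None  # platform not covered by the list
    try:
        installed, limit = parse_version(version), parse_version(entry[0])
    except ValueError:
        return None  # malformed version string
    return installed <= limit if entry[1] else installed < limit

def audit(inventory_csv):
    """Return (device, platform, version, status) for every row needing attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        verdict = is_affected(row["platform"], row["version"])
        if verdict is not False:
            status = "UPDATE" if verdict else "REVIEW"
            findings.append((row["device"], row["platform"], row["version"], status))
    return findings

# Constructed sample inventory; device names and column layout are made up.
SAMPLE = """device,platform,version
phone-01,android,2.19.98
phone-02,android,2.19.274
phone-03,windows-phone,2.18.368
phone-04,ios,2.19.x
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Rows marked REVIEW have an unknown platform or an unparseable version and need a manual check rather than being assumed safe.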

How serious is it?
The newly released flaw report shows that the newly patched vulnerability is comparable with the recent WhatsApp VoIP call vulnerability that was exploited by the Israeli company NSO Group to install Pegasus spyware on a huge number of Android and iOS devices worldwide.

Even more concerning is the fact that researchers have still not been able to provide an exact number of devices impacted by this zero-day flaw.

For the moment, Facebook and WhatsApp have not commented on this big security issue, and they will probably do so when everything cools down in order to make it look like a small problem.

WhatsApp flaw protection guide:
It’s recommended for all users to make sure they are running the latest version of WhatsApp on their device and disable auto-downloads of images, audio and video files from the app settings.

Even though WhatsApp is constantly working to improve the security of the service, public reports on issues are becoming a thing despite industry best practices. In this instance, there is no reason to believe otherwise: both users and companies were impacted without even knowing it.