If you haven't updated WhatsApp on your phone recently, you should do so right now. Facebook has released a new version of the app that patches a security hole that could be exploited to gain remote access to messages and files.
By using a specially crafted MP4 video files, hackers could have accessed files and messages on iOS, Android and Windows Phone versions of WhatsApp. The problem was found in the regular version of WhatsApp, WhatsApp for Business and in the Enterprise client version – affecting a potentially colossal number of users.
- How to activate dark mode in WhatsApp on the web
- Dark mode for WhatsApp: everything you need to know
- WhatsApp tests self-destructing messages
But now Facebook has issued a patched version of the popular chat app which addresses the CVE-2019-11931 (opens in new tab) buffer overflow vulnerability. In a security advisory (opens in new tab) about the flaw, Facebook explains:
"A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE."
As The Next Web (opens in new tab) explains, there have been no reported incidents of the vulnerability being exploited in the wild, but that doesn't make it any less serious.
Get patched
So how do you know if you're affected? Facebook explains that the following versions of the WhatsApp app are vulnerable:
- Android versions prior to 2.19.274
- iOS versions prior to 2.19.100
- Enterprise Client versions prior to 2.25.3
- Windows Phone versions before and including 2.18.368
- Business for Android versions prior to 2.19.104
- Business for iOS versions prior to 2.19.100
If you have a newer build of WhatsApp installed, you're safe – just run a check to see if there are any updates available for your handset. The issue highlights the importance of keeping apps up to date to avoid potential security problems.