The security and integrity of popular mobile messaging application WhatsApp was recently brought into question again after it was revealed that the platform carried out new security updates to prevent hackers from using MP4 files to compromise phones.
Facebook, which owns WhatsApp, noted in a Thursday statement that the flaw was identified as “CVE-2019-11931,” explaining that the vulnerability was a “stack-based buffer overflow [that] could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user.”
According to Cybersecurity outlet The Hacker News, the problem was promptly amended in October. It indicated that the vulnerability allowed hackers to “remotely compromise targeted devices and potentially steal secured chat messages and files stored on them,” and that hackers only needed a WhatsApp user’s phone number to begin the process.
The security snafu was reportedly discovered internally.
Users, however, are urged to update their apps should they still be working with one of the affected versions.
The revelation comes weeks after Facebook filed a lawsuit against Israeli company NSO Group, in which the social media giant alleged that the Israeli company used WhatsApp to target more than 1,400 users with highly sophisticated spyware. The NSO Group has largely disputed the allegations, saying that it will “vigorously” fight the suit.
Facebook is presently demanding that the Israeli company be denied access to its services and systems. It’s also seeking unspecified damages.