Skip to main content

WhatsApp flaw could have let hackers take control of a phone via an MP4 file

Have you received a strange MP4 file on WhatsApp recently? It’s probably best to avoid downloading it — at least until you update to the latest version. WhatsApp recently fixed a vulnerability that could have allowed hackers to send a specially coded MP4 file, and then remotely take control of a phone and access the messages and files stored on that device.

The flaw is known as CVE-2019-11931, and it affected Android devices with WhatsApp versions before 2.19.274, and iPhones with WhatsApp versions before 2.19.100. Currently, there doesn’t seem to be any indication that the flaw was actually exploited. Facebook, which owns WhatsApp, says the issue was discovered internally — not through any known attacks or a third-party security researcher.

“WhatsApp is constantly working to improve the security of our service. We make public reports on potential issues we have fixed consistent with industry best practices,” said a Facebook spokesperson in a statement to The Hacker News. “In this instance, there is no reason to believe that users were impacted.”

There isn’t much extra information about the vulnerability or how it works, but as long as users update to the latest version of WhatsApp, they shouldn’t have any issues.

Recently, WhatsApp sued Israeli mobile surveillance company NSO Group over an exploit that was used to attack hundreds of different phones. These included the likes of human rights defenders, journalists, and more. This particular attack disguised malicious code as call settings, and allowed the attackers to deliver code to phones as if it came from WhatsApp’s servers. Once the initial code was delivered, attackers were able to inject more malicious code into a device’s memory. In total, 1,400 devices were affected.

In general, it’s recommended to ensure that all your apps are kept up to date, so as to make sure that any security issues are patched. There are other things you can do to ensure that your phone remains uncompromised. For example, if you have an Android phone, you can make sure to only download apps from the Google Play Store. It’s also important to always make sure that your version of Android or iOS is the latest version — especially considering the fact that security vulnerabilities often exist in the operating system.

Editors' Recommendations

Christian de Looper
Christian’s interest in technology began as a child in Australia, when he stumbled upon a computer at a garage sale that he…
WhatsApp to end support for older iPhones in coming months
WhatsApp messaging app icon.

If you’re still rocking a decade-old iPhone 5 or 5C and use WhatsApp, you should be aware that the Facebook-owned company will soon be ending support for those devices.

A WhatsApp notification spotted by WhatsApp specialist site WABetaInfo reveals that the company will end support for iOS 10 and iOS 11 in the fall. The iPhone 5 and 5C are unable to deploy iOS 12 and later, which means WhatsApp on those two handsets will stop receiving the latest updates for security, features, and general functionality.

Read more
Emoji reactions hit WhatsApp as Meta fights the competition
Person texting on a smartphone using WhatsApp.

WhatsApp is gaining a slew of new features some would consider overdue for a messaging app of its size. The company is adding support for message reactions, larger file shares, and bigger groups in an update that's slowly rolling out across iOS and Android. Many of these features are present in other apps, notably Telegram, so WhatsApp is under pressure to keep up.

Message reactions are the most noticeable feature for users on a day-to-day basis. They're already present on Facebook Messenger, iMessage, Google Messages, Instagram, and Snapchat, so WhatsApp is a pretty late addition. At the moment only a limited number of reactions are present, but the WhatsApp team notes that a broader range of expressions is coming.

Read more
WhatsApp Communities want to be your private social media
Whatsapp Communities on Samsung smart phones.

WhatsApp is adding a Communities feature to the eponymous instant messaging platform, adding a social media aspect to it that will have all group conversations protected by end-to-end encryption. Unlike the new community feature on Twitter that brings together like-minded users, the core idea of Communities on WhatsApp is that it allows multiple groups to be aggregated into one super-group.

But unlike social media platforms such as Facebook or Twitter, a WhatsApp Community won’t be openly discoverable. The phone numbers of users also won’t be publicly visible to all Community members. Only the admin and other members of a group can see them.

Read more