New Delhi: If you have received an MP4 video file on WhatsApp from an unknown number, you could be a victim of a new kind of hacking which uses a recently discovered vulnerability of WhatsApp to install malicious spywares in phones.

This security vulnerability allowed a remote attacker to target phones by sending a video file in MP4 format.

When notified about the security breach, the Indian Computer Emergency Response Team (CERT) categorised the threat under "High Severity" category.

Pegasus-like features

Israel-based spyware maker NSO Group was under spotlight recently for allegedly providing technology [Pegasus spyware] that used WhatsApp's video calling feature to attack user's phones.

A security message notified by WhatsApp's parent company Facebook said, "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user."

Identified as CVE-2019-11931, this vulnerability message is similar to the one received by CERT from WhatsApp during the Pegasus snooping case.

According to the communication, this weakness could allow a remote attacker to force "Denial of Services (DoS) and Remote Code Execution (RCE)" which could be used to compromise any device running Android, iOS or Windows.

An attacker could use a person's cell number to send a video file through WhatsApp and install an unwanted program in their phones exploiting such vulnerability.

This security issue exists on both individual and business versions of the popular messaging app until the updates were rolled out in October earlier this year.

Although the latest security patch from WhatsApp claims to have fixed this problem, WhatsApp and Facebook have not given further details about the extent of possible execution of this exploit.

This comes even as the controversy around WhatsApp snooping refuses to die down, where phones of over a dozen activists, journalists and lawyers were allegedly compromised by an Israel-made spyware.

WhatsApp has been under fire for not providing adequate information to Indian authorities about the extent of attacks during Pegasus breach. The messaging app has sued NSO Group in a US court for violating its terms and conditions.

Government sources had earlier claimed that the information provided by WhatsApp is more of a "technical jargon" which didn't give much information about victims and extent of such attacks. WhatsApp had informed users separately about possible Pegasus attack on their devices.

Similar to the Pegasus incident, this vulnerability is also being called "a stack-based buffer overflow vulnerability".

According to CERT, "The exploitation does not require any form of authentication from the victim end and executes on downloading of malicious mp4 file on victims system."

Courtesy: www.indiatoday.in

Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.



Dubai: The legendary Sunil Gavaskar on Friday found himself in the midst of a controversy for making an unsavoury comment against Virat Kohli and his wife Anushka Sharma after the Indian captain's forgettable outing in the IPL.

Reacting to what she termed a "distasteful message" by Gavaskar, Sharma sought an explanation from the former India captain.

After dropping two catches, Kohli, undoubtedly one of the best when it comes to chases, failed with the bat, managing just a run off five balls against Kings XI Punjab here on Thursday night.

In the commentary box, Gavaskar came up with a shocking comment involving Kohli's actor wife Anushka.

The remark was in bad taste and did not go down well with the RCB skipper's fans, with some of them urging the BCCI to remove Gavaskar from the commentary panel.

Sharma reacted to it by putting a statement on her Instagram page. She wrote, "That, Mr Gavaskar, your message is distasteful is a fact but I would love for you to explain why you thought of making such a sweeping statement on a wife accusing her for her husband's game?."

"I am sure over the years you have respected the private lives of every cricketer while commentating on the game. Don't you think you should have equal amount of respect for me and us?"

"I am sure you can have many words and sentences in your mind to use to comment on my husband's performance from last night or are your words only relevant if you use my name in the process?"

Over the years, on quite a few instances the Bollywood actress has been blamed whenever her high-profile cricketer husband under-performed on the field, and she rued that fact.

Sharma added, "It's 2020 and things still don't change for me. When will I stop getting dragged into cricket and stop being used to pass sweeping statements?

"Respected Mr. Gavaskar, you are a legend whose name stands tall in this gentleman's game. Just wanted to tell you what I felt when I heard you say this."

The Indian batting mainstay had a forgettable outing at the Dubai International Stadium.

Kohli dropped his KXIP counterpart KL Rahul twice -- once in the 17th over at deep square-leg when he was batting on 83 and then again in the 18th over when he was on 89.

The KXIP skipper then went on to shatter a few record on the way to a 69-ball 132 -- the highest scored by an Indian in an IPL game.