WhatsApp is one of the most popular instant messengers available on smartphones today. The bad news for many WhatsApp users is that according to a report from GBHackers on Security, they have discovered a bug in WhatsApp that would allow a hacker to potentially breach your device and hack it using a specially-crafted MP4 file.
What does this special file do? Basically if you were to download it, it would essentially trigger a remote code execution and a DDoS attack. It would also allow hackers to deploy malware which in turn would allow them to spy on the user and steal their data and information and also surveil them.
Facebook has also since issued a security advisory where it reads:
“A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100.”
So if you were to receive an MP4 file on WhatsApp, you might want to double check with the person who sent it to make sure that it was intentional and it is what it claims to be. Given that the MP4 format is pretty common, it can be easily mistaken for something else, so until this issue has been patched, perhaps it might be a good idea to avoid downloading MP4 files sent over WhatsApp for now.