Date: 2021-04-17

A high-severity advisory issued by CERT-In (the Indian Computer Emergency Response Team) said certain vulnerabilities have been detected in WhatsApp.

It said the vulnerabilities have been detected in WhatsApp and WhatsApp Business for Android and in WhatsApp and WhatsApp Business for iOS. “Multiple vulnerabilities have been reported in WhatsApp applications which could allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system,” the advisory said.

CERT-In highlighted that the vulnerabilities exist due to a cache configuration issue and a missing bounds check within the audio decoding pipeline. “Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code or access sensitive information on a targeted system,” it said.

The advisory urged users of the app to update to the latest version of WhatsApp from the Google Play Store or iOS App Store to counter the vulnerability threat.

Security threats aren’t new for this widely used app. According to Forbes, a reported sharp rise in WhatsApp security flaws across 2019 led political staffers to switch to competing secure messenger Signal.

The instant messaging platform relies on internal security reviews and automated detection systems to identify and fix potential issues proactively. It also engages with external security researchers through the Facebook bug bounty program.

Over the past year, five critical WhatsApp vulnerabilities have been listed:

Cybersecurity experts, in 2020, identified a JavaScript vulnerability in the WhatsApp desktop platform that could allow cybercriminals to spread malware, phishing or ransomware campaigns through notification messages that appear “normal” to unsuspecting users.

The National Vulnerability Database said a vulnerability in WhatsApp Desktop versions, when paired with WhatsApp for iPhone versions, allows cross-site scripting (XSS) and local file reading. It requires the victim to click a link preview from a specially crafted text message. The flaws leave users vulnerable to attacks by allowing both the text content and links in website previews to be tampered with to display false content and modified links.