CERT-IN, the Indian cyber emergency response team, has warned users of multiple vulnerabilities in WhatsApp for iOS and WhatsApp Business. The website had marked the severity of the vulnerability as “high”. CERT-in reported two major vulnerabilities such as an improper access control vulnerability and a use-after-free vulnerability. In particular, flaws were found in previous versions of WhatsApp for iOS and WhatsApp business.
The vulnerabilities were revealed by WhatsApp in its security opponents as part of its security advisories. “Several vulnerabilities have been reported in WhatsApp and WhatsApp Business for iOS that could allow a remote attacker to bypass security restrictions or execute arbitrary code on the target system,” says CERT-IN in a blog.
CERT-In had two major vulnerabilities in improper access control vulnerabilities and a use-after-free vulnerability in the note. According to the CERT-In report, the vulnerability of improper access control exists in the screen lock feature in WhatsApp and WhatsApp due to improper input authorization. The report reveals that an attacker could exploit the flaw by using Siri to communicate even if the phone is locked. If the attacker successfully exploits the vulnerability, it could allow the attacker to circumvent security restrictions.
Now we come to the other vulnerability: the user-after-free vulnerability. The report states that this vulnerability exists in the logging library in WhatsApp for iOS due to an error called no-use error. An attacker could exploit this vulnerability by sending a specially crafted animated sticker to the target contact during a video call. The report also adds that if the attacker successfully exploits this vulnerability, it could lead to memory corruption, denial of service conditions, and remote code execution.
CERT-IN advised all users to update to the latest versions of WhatsApp from the App Store.
On another note, WhatsApp rolled out a plethora of features this month including Always Mute, Disappearing Messages, WhatsApp Pay, and Shopping Button. The shopping button was the latest feature to join the messaging app. Apa.rt from that, the WhatsApp payment feature came to India after two years. The Facebook-owned messaging gap has finally gotten approval from NPCI for UPI-based payments. The feature would allow users to send and receive money using the app. A user must have a bank account number registered to use the ‘]function.
CERT-IN, the Indian cyber emergency response team, has warned users of multiple vulnerabilities in WhatsApp for iOS and WhatsApp Business.
- CERT-IN has warned users of multiple vulnerabilities in WhatsApp for iOS and WhatsApp Business.
- The website had marked the severity of the vulnerability as “high”.
- CERT-IN had advised all users to update to the latest versions of WhatsApp from the App Store.