Older versions of WhatsApp & WhatsApp Business for iOS are affected by multiple vulnerabilities. These WhatsApp security vulnerabilities were given a high severity rating. The news came after the Indian Cybersecurity firm CERT-In (Computer Emergency Response Team) issued a warning regarding the same.
The warning came in recently, urging iOS WhatsApp users to update to the latest versions of the application.
The reported vulnerabilities are severe. They could allow remote attackers to execute arbitrary code on a target system or to bypass security restrictions. The report on these vulnerabilities came as part of the November update to security advisories.
The two severe WhatsApp vulnerabilities
The two severe WhatsApp security vulnerabilities mentioned in the report are a Use-After-Free Vulnerability (CVE-2020-1909) and an Improper Access Control Vulnerability (CVE-2020-1908). Both vulnerabilities have a high severity rating & affect different aspects of the application.
Access control WhatsApp vulnerability
The Access Control Vulnerability affected the versions of WhatsApp prior to v2.20.100. It can allow hackers to access your WhatsApp even at times when the device is locked.
WhatsApp has said more about the vulnerability, explaining that it is caused by Improper Authorisation of the Screen Lock Feature in both WhatsApp & WhatsApp Business. When the device is locked, the vulnerability could permit the use of Siri to interact with the application.
The use-after-free vulnerability of WhatsApp affects the logging library of the application. It can impact any iOS version of WhatsApp & WhatsApp Business prior to v2.20.111. This vulnerability could have severe consequences, including potential code execution, crashing & memory corruption.
Any remote attacker can exploit this vulnerability. As per the WhatsApp advisory, this can be done by placing a WhatsApp video call on the target’s device on hold, while at the same time sending a specially crafted animated sticker to them. This would result in multiple events occurring simultaneously on the application.
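To check a device inventory against the two fixed versions named above, the following added example (not code from WhatsApp or CERT-In) compares version strings numerically rather than as text, since a plain string comparison ranks "2.20.99" above "2.20.100". The inventory rows and function names are constructed for illustration; only the CVE ids and version thresholds come from the article.

```python
# Added example: flag iOS WhatsApp / WhatsApp Business builds that predate the fixes.
# Thresholds are taken from the article; everything else is an assumption.

FIXED_IN = {
    "CVE-2020-1908": (2, 20, 100),  # improper access control (screen lock / Siri)
    "CVE-2020-1909": (2, 20, 111),  # use-after-free in the logging library
}

def parse_version(text):
    """Turn '2.20.100' or 'v2.20.100' into a tuple of ints; ValueError if malformed."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdecimal() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def is_older(version, fixed):
    """Numeric comparison with zero padding, so '2.21' is treated as '2.21.0'."""
    width = max(len(version), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(version) < pad(fixed)

def affected_cves(version_text):
    """Return the CVE ids (sorted) whose fixed version is newer than version_text."""
    version = parse_version(version_text)
    return [cve for cve, fixed in sorted(FIXED_IN.items()) if is_older(version, fixed)]

def audit(inventory):
    """Map each device to its open CVEs; unparseable versions are marked for review."""
    report = {}
    for device, version_text in inventory:
        try:
            report[device] = affected_cves(version_text)
        except ValueError:
            report[device] = ["UNKNOWN"]
    return report

# Constructed sample inventory: (device label, installed app version).
SAMPLE_INVENTORY = [
    ("ios-001", "2.20.99"),
    ("ios-002", "2.20.100"),
    ("ios-003", "v2.20.111"),
    ("ios-004", "2.21"),
    ("ios-005", "beta"),
]

if __name__ == "__main__":
    for device, cves in audit(SAMPLE_INVENTORY).items():
        print(device, ", ".join(cves) if cves else "patched")
```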
WhatsApp security update for the vulnerabilities and more
WhatsApp has released their November WhatsApp update for both WhatsApp & WhatsApp Business applications. This WhatsApp update patches both the aforementioned vulnerabilities in the applications. WhatsApp has urged its users to install the update from the App Store at the earliest. This would help them stay safe from the above-mentioned vulnerabilities. WhatsApp has fixed the vulnerabilities in time before they could be exploited by any malevolent entity. This speaks volumes regarding WhatsApp’s dedication to ensuring users’ data protection.
But besides the patch, the November WhatsApp update of the application has brought along a number of other features as well. These include the Shopping Button, WhatsApp Pay, Disappearing Messages, Always Mute and more. Two of these features are highly beneficial for Business Accounts. The payment option is a highlight since Facebook finally got the approval for UPI-based payments by NPCI.