In the latest developments, CERT-In has released an advisory warning WhatsApp users of multiple bugs and vulnerabilities in the application that can pose severe risks to data and private information.
WhatsApp is a widely deployed instant messaging application with a global user base.
Impacting multiple WhatsApp platforms:
The advisory released by CERT-In carries a high-severity rating and notes that the WhatsApp vulnerability exists in the WhatsApp application as well as in WhatsApp Business for iOS and Android.
“Multiple vulnerabilities have been reported in WhatsApp applications which could allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system,” stated the CERT-In advisory.
According to the advisory, the vulnerabilities in the WhatsApp application and Business platform are a consequence of a cache configuration error and an absent audio decoding pipeline.
High-severity WhatsApp Vulnerability:
The vulnerability could allow remote malicious actors to execute arbitrary code and gain access to private data and information on a victim’s device.
It was also detected that the WhatsApp vulnerability can be exploited by malicious actors even if users have Two-Factor Authentication activated.
As a result, CERT-In has recommended users update their WhatsApp and WhatsApp Business Application to the latest version as soon as possible.
History of CERT-In’s WhatsApp advisories:
Back in November 2020, CERT-In released a similar security advisory regarding two critical vulnerabilities in the WhatsApp platform, identified as an improper access control flaw and a use-after-free vulnerability.
The improper access control flaw was present in the screen lock feature of WhatsApp and could be used to communicate on WhatsApp by giving voice commands to Siri, an audio assistant in iOS phones. The second, a use-after-free vulnerability, apparently permitted malicious actors to target users by sending specially designed animated stickers during a video call.
CERT-In had alerted WhatsApp users in November 2019 as well, about a buffer overflow vulnerability in the instant messaging application, which allowed an attacker to remotely target a system by sending a specially designed MP4 audio or video package.