- CERT-In has warned users about multiple vulnerabilities in WhatsApp for iOS and WhatsApp Business.
- CERT-In has rated the severity of the vulnerabilities as “high”.
- CERT-In has advised all users to update to the latest versions of WhatsApp from the App Store.
CERT-In, the Indian Computer Emergency Response Team, has warned users about multiple vulnerabilities in WhatsApp for iOS and WhatsApp Business. The agency rated the severity of the vulnerabilities as "high". CERT-In flagged two major vulnerabilities: an improper access control vulnerability and a use-after-free vulnerability. Notably, the flaws have been found in older versions of WhatsApp for iOS and WhatsApp Business.
The vulnerabilities were disclosed by WhatsApp in its security advisories. "Multiple vulnerabilities have been reported in WhatsApp and WhatsApp Business for iOS which could allow a remote attacker to bypass security restrictions or execute arbitrary code on the target system," CERT-In says in a blog.
CERT-In listed two major vulnerabilities in its note: an improper access control vulnerability and a use-after-free vulnerability. As per the CERT-In report, the improper access control vulnerability exists in the screen lock feature in WhatsApp and WhatsApp Business due to improper authorization of input. The report reveals that an attacker could exploit the flaw by using Siri to communicate even if the phone is locked. Successful exploitation could allow the attacker to bypass security restrictions.
Now coming to the other vulnerability, the use-after-free vulnerability. The report says that this vulnerability exists in the logging library in WhatsApp for iOS due to a use-after-free error, in which a program continues to use memory after it has been freed. An attacker could exploit this vulnerability by sending a specially crafted animated sticker to the target contact during a video call. The report further adds that successful exploitation could lead to memory corruption, denial-of-service conditions, and remote code execution.
CERT-In has advised all users to update to the latest versions of WhatsApp from the App Store.
On another note, WhatsApp has rolled out a plethora of features this month, including Always Mute, Disappearing Messages, WhatsApp Pay and the Shopping Button. The shopping button was the latest feature to join the messaging app. Apart from that, the WhatsApp payments feature came to India after two years. The Facebook-owned messaging app finally got approval from NPCI for UPI-based payments. The feature would allow users to send and receive money using the app. A user is required to have a bank account and a registered number to use the feature.