WhatsApp has launched a dedicated security advisory website that will inform users about bugs and vulnerabilities in the messaging app. The new site will also inform users about the security updates made to the app and more. Along with the launch, WhatsApp also disclosed that a total of six vulnerabilities were found in the app, most of which were fixed on the same day.
WhatsApp has updated the website with all the latest bugs that were discovered in the app, and it also has an archive section that lets users access the previous bugs that were fixed by the messaging app. The Common Vulnerabilities and Exposures were found on WhatsApp for Android, iOS, WhatsApp for Web, and WhatsApp Business. The list only consists of the bugs that were discovered and fixed by WhatsApp soon after they were discovered.
Some of the bugs found on WhatsApp Business could "have allowed arbitrary code execution when playing a specially crafted push to talk message" and "could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction". WhatsApp also reveals that a bug discovered on its Android app could have made users answer a malicious video call that could have allowed an out-of-bounds write via a specially crafted video stream. However, all these bugs listed on the website have been fixed and users need not worry about encountering them again in the future.
WhatsApp revealed in a blog post that it has collaborated with leading security firms to review its code and practices, and that it also engages with researchers via the Facebook Bug Bounty Program to help find flaws and fix them.
"If a bug is identified, we work to fix the issue as quickly as possible. In keeping with industry best practices, we will not disclose security issues until after we have fully investigated any claims, issued any necessary fixes, and made updates widely available through the respective app stores. We use this same approach for all WhatsApp products. If we ever fix an issue in one of our products, we also work to ensure that it's addressed in any other products that may rely on the same code," WhatsApp said in a blog.
"Due to the policies and practices of app stores, we cannot always list security advisories within app release notes. This advisory page provides a comprehensive list of WhatsApp security updates and associated Common Vulnerabilities and Exposures (CVE). Please note that the details included in CVE descriptions are meant to help researchers understand technical scenarios and do not imply users were impacted in this manner," the statement added.