- Indian computer agency warns users about multiple vulnerabilities in WhatsApp for iOS and WhatsApp Business
- The severity of the vulnerability found in WhatsApp has been categorised as “High”
- CERT-In advises iOS users to update WhatsApp to its latest version via the App Store
The Indian Computer Emergency Response Team, more commonly known as CERT-In, has warned users of multiple vulnerabilities in WhatsApp for iOS and WhatsApp Business. The website has categorised the severity of the vulnerability as “high”.
The Indian computer agency has reported two major vulnerabilities: an improper access control vulnerability and a use-after-free vulnerability. Notably, these flaws have been found in the older versions of WhatsApp for iOS and WhatsApp Business.
The vulnerabilities were disclosed by Facebook-owned messaging application WhatsApp as part of its security advisories.
In a blog, CERT-In said, “Multiple vulnerabilities have been reported in WhatsApp and WhatsApp Business for iOS which could allow a remote attacker to bypass security restrictions or execute arbitrary code on the target system.”
The two major vulnerabilities noted by CERT-In were an improper access control vulnerability and a use-after-free vulnerability. According to the report from the Indian computer agency, the improper access control vulnerability exists in the screen lock feature in WhatsApp and WhatsApp Business due to improper authorization of input.
The report also revealed that an attacker could exploit the flaw by using Siri to communicate even if the phone is locked. Successful exploitation could allow the attacker to bypass the security restrictions.
As for the other vulnerability, the use-after-free vulnerability, the report said that it exists in the logging library of WhatsApp for iOS due to a use-after-free error.
An attacker could exploit this vulnerability by sending a specially crafted animated sticker to the target contact during a video call.
The report from CERT-In further added that successful exploitation of this vulnerability could lead to memory corruption, denial of service conditions, and remote code execution.
CERT-In has advised all users to update WhatsApp to the latest version available on the Apple App Store.
On another note, WhatsApp rolled out a large number of features this month, including Always Mute, Disappearing Messages, WhatsApp Pay and the Shopping Button.
The shopping button was the latest feature to join the world’s most famous messaging application. In addition to this, the WhatsApp payments feature has also arrived in India, after two long years. The Facebook-owned messaging app finally got approval from the National Payments Corporation of India (NPCI) for Unified Payments Interface (UPI)-based payments. The feature will allow WhatsApp users to send and receive money within the application. A user will be required to have a bank account and a registered number to use the feature, the note said.