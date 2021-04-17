Vulnerabilities in Whatsapp, the most widely used messaging app in India, could lead to breach of sensitive information, warned India’s cybersecurity watchdog on Saturday, issuing a “high” severity advisory to users.

According to CERT-In — the Indian Computer Emergency Response Team — the vulnerability has been detected in software that has “WhatsApp and WhatsApp Business for Android prior to v2.21.4.18 and WhatsApp and WhatsApp Business for iOS prior to v2.21.32”.

The advisory asked users of the app to update to the latest version of WhatsApp from Google Play Store or iOS App Store to counter the vulnerability threat.

Read: CCI terms WhatsApp's new privacy policy as 'exploitative, exclusionary'; directs detailed probe

“Multiple vulnerabilities have been reported in WhatsApp applications which could allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system,” the advisory issued on Saturday said.

It said the vulnerabilities “exist in WhatsApp applications due to a cache configuration issue and missing bounds check within the audio decoding pipeline”.

“Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code or access sensitive information on a targeted system,” the advisory said.

Last year, cybersecurity experts had identified a Javascript vulnerability in the WhatsApp desktop platform that could allow cybercriminals to spread malware, phishing or ransomware through notification messages that appear normal to users.

In 2020, WhatsApp had revealed six vulnerabilities that were previously undisclosed. Of the six vulnerabilities, four existed on WhatsApp for Android and two were part of the iPhone client.

Two-thirds of the new vulnerabilities were found internally – through code review or automated dynamic analysis – and one-third were reported through the bug bounty programme conducted by Facebook.