<p>Vulnerabilities in Whatsapp, the most widely used messaging app in India, could lead to breach of sensitive information, warned India’s cybersecurity watchdog on Saturday, issuing a “high” severity advisory to users.</p>.<p>According to CERT-In — the Indian Computer Emergency Response Team — the vulnerability has been detected in software that has “WhatsApp and WhatsApp Business for Android prior to v2.21.4.18 and WhatsApp and WhatsApp Business for iOS prior to v2.21.32”.</p>.<p>The advisory asked users of the app to update to the latest version of WhatsApp from Google Play Store or iOS App Store to counter the vulnerability threat.</p>.<p><strong>Read: <a href="https://www.deccanherald.com/business/business-news/cci-terms-whatsapps-new-privacy-policy-as-exploitative-exclusionary-directs-detailed-probe-965954.html" target="_blank">CCI terms WhatsApp's new privacy policy as 'exploitative, exclusionary'; directs detailed probe</a></strong></p>.<p>“Multiple vulnerabilities have been reported in WhatsApp applications which could allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system,” the advisory issued on Saturday said.</p>.<p>It said the vulnerabilities “exist in WhatsApp applications due to a cache configuration issue and missing bounds check within the audio decoding pipeline”.</p>.<p>“Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code or access sensitive information on a targeted system,” the advisory said.</p>.<p>Last year, cybersecurity experts had identified a Javascript vulnerability in the WhatsApp desktop platform that could allow cybercriminals to spread malware, phishing or ransomware through notification messages that appear normal to users.</p>.<p>In 2020, WhatsApp had revealed six vulnerabilities that were previously undisclosed. Of the six vulnerabilities, four existed on WhatsApp for Android and two were part of the iPhone client.</p>.<p>Two-thirds of the new vulnerabilities were found internally – through code review or automated dynamic analysis – and one-third were reported through the bug bounty programme conducted by Facebook.</p>
<p>Vulnerabilities in Whatsapp, the most widely used messaging app in India, could lead to breach of sensitive information, warned India’s cybersecurity watchdog on Saturday, issuing a “high” severity advisory to users.</p>.<p>According to CERT-In — the Indian Computer Emergency Response Team — the vulnerability has been detected in software that has “WhatsApp and WhatsApp Business for Android prior to v2.21.4.18 and WhatsApp and WhatsApp Business for iOS prior to v2.21.32”.</p>.<p>The advisory asked users of the app to update to the latest version of WhatsApp from Google Play Store or iOS App Store to counter the vulnerability threat.</p>.<p><strong>Read: <a href="https://www.deccanherald.com/business/business-news/cci-terms-whatsapps-new-privacy-policy-as-exploitative-exclusionary-directs-detailed-probe-965954.html" target="_blank">CCI terms WhatsApp's new privacy policy as 'exploitative, exclusionary'; directs detailed probe</a></strong></p>.<p>“Multiple vulnerabilities have been reported in WhatsApp applications which could allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system,” the advisory issued on Saturday said.</p>.<p>It said the vulnerabilities “exist in WhatsApp applications due to a cache configuration issue and missing bounds check within the audio decoding pipeline”.</p>.<p>“Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code or access sensitive information on a targeted system,” the advisory said.</p>.<p>Last year, cybersecurity experts had identified a Javascript vulnerability in the WhatsApp desktop platform that could allow cybercriminals to spread malware, phishing or ransomware through notification messages that appear normal to users.</p>.<p>In 2020, WhatsApp had revealed six vulnerabilities that were previously undisclosed. Of the six vulnerabilities, four existed on WhatsApp for Android and two were part of the iPhone client.</p>.<p>Two-thirds of the new vulnerabilities were found internally – through code review or automated dynamic analysis – and one-third were reported through the bug bounty programme conducted by Facebook.</p>
