The Indian cybersecurity agency CERT-In has warned about new vulnerabilities found in the leading cross-platform messaging application WhatsApp could result in the breach of sensitive user data. The agency has thus released a high severity rating advisory and could be alarming for users still stuck with an old version of WhatsApp.
According to CERT-In, WhatsApp and WhatsApp Business for Android before v220.127.116.11 and WhatsApp and WhatsApp Business for iOS before v2.21.32 are susceptible to these flaws. The advisory issued by the agency detailing the criticality states that this vulnerability could “allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system.”
For those unaware, CERT-In is a national technology arm that tackles cyber attacks and acts as a watch guard for Indian cyberspace.
What is the impact of this WhatsApp Vulnerability?
According to the report, this vulnerability exists due to certain features on WhatsApp and thus allows hackers to access personal data like chats, images, videos etc. by running malicious codes remotely. This vulnerability is linked “to a cache configuration issue and missing bounds check within the audio decoding pipeline.”
The report also suggests that since these flaws do not exist on the latest versions of WhatsApp, users using the latest version of the messaging application are not impacted at all. However, users with WhatsApp and WhatsApp Business for Android older than v18.104.22.168 and WhatsApp and WhatsApp Business for iOS older than v2.21.32 may be at risk
How can I safeguard my chats?
The simplest way to ensure the privacy of your data is by using the latest version of WhatsApp on your phone. Facebook led WhatsApp has stated that since these vulnerabilities existed in outdated versions of the application, there is a little chance of them being misused by hackers.
It has further stated that the said vulnerabilities have already been addressed by the bugs highlighted by the agency and has urged users to update the application on their devices to the latest one.
A prepared statement issued by WhatsApp read, “We regularly work with security researchers to improve the numerous ways WhatsApp protects people’s messages. As is typical of software products, we have addressed two bugs that existed on outdated software, and we have no reason to believe that they were ever abused.”
This is, however, one of many vulnerabilities that were found in WhatsApp recently. Very recently, researchers found a flaw in WhatsApp that allowed stalkers to track unassuming users’ “online status” to monitor their activities. This flaw could be used to correctly predict if a user is busy chatting with someone else at any given time.