Computer Emergency Response Team (CERT-In), India's cyber security agency, has recently issued an alert for the users of older versions of WhatsApp and WhatsApp Business for iOS.
As per the alert, the versions of the chat app have been found to have multiple vulnerabilities.
In a report published on its website, CERT-In says that the security loopholes can allow a remote attacker to "bypass security restrictions or execute arbitrary code on the target system." These issues have been reported to affect WhatsApp for iOS prior to version 2.20.111 as well as WhatsApp Business for iOS prior to version 2.20.100.
CERT-In has highlighted two major vulnerabilities affecting the said versions. One has been termed as the 'Improper Access Control Vulnerability' and the other is 'Use-After-Free Vulnerability.'
For the first, CERT-In explains that the Screen Lock feature in WhatsApp and WhatsApp Business poses a security threat due to improper authorization of input. "An attacker could exploit this vulnerability by using SIRI to communicate even after the phone is locked," explains the alert.
Anyone who is able to successfully exploit this vulnerability would hence be able to bypass security restrictions on the device.
The second vulnerability, called the 'Use-After-Free Vulnerability,' exists in the logging library in WhatsApp and WhatsApp Business for iOS due to a use-after-free error. CERT-In warns that a remote attacker could exploit this vulnerability "by sending a specially crafted animated sticker to the target user while placing a WhatsApp video call on hold." The idea is to cause several events to occur together in sequence.
"Successful exploitation of this vulnerability could lead to memory corruption, denial of service conditions or execution of remote code," CERT-In warns.
The agency also posted a solution to the vulnerabilities, stating that all these security issues have been corrected in the latest versions of the app and all users need to do is install the latest version from the App Store.