‘High’ Security Warning issued for WhatsApp by India’s cyber agency; threats detailed

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.


India’s cyber-security agency CERT-In on Saturday expressed concern over the detection of certain vulnerabilities in social-media networking app- WhatsApp for both Android and iOS which could lead to a possible breach of sensitive information.

Issuing a ‘high severity rating’ advisory, the Indian Computer Emergency Response Team cautioned users sharing that a vulnerability had been detected in software that has “WhatsApp and WhatsApp Business for Android prior to v2.21.4.18 and WhatsApp and WhatsApp Business for iOS prior to v2.21.32.”

“Multiple vulnerabilities have been reported in WhatsApp applications which could allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system,” the advisory said. “Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code or access sensitive information on a targeted system,” it added.

According to CERT-In, the vulnerabilities were a result of an alleged “cache configuration issue and missing bounds check within the audio decoding pipeline” in the WhatsApp applications. The agency has urged all users to immediately update the latest version of WhatsApp from the Google Play Store or iOS App Store to counter the vulnerability threat.

CCI levels charges against WhatsApp

The advisory comes days after the Competition Commission of India (CCI) told the Delhi high court that WhatsApp’s new privacy policy could lead to excessive data collection and “stalking” of consumers for targeted advertising to bring in more users. “The Commission is of prima facie opinion that the ‘take-it-or-leave-it nature of privacy policy and terms of service of WhatsApp and the information sharing stipulations mentioned therein merit a detailed investigation in view of the market position and market power enjoyed by WhatsApp,” it said. The CCI has since January 2021 been looking into the details of the privacy policy. 

The Facebook-owned messaging app has been embroiled in controversy over the past year with regards to the proposed policy and the changes that it planned to introduce. 

(With Agency Inputs)

Source…