A vulnerability in WhatsApp compromises users' personal information

WhatsApp application on a mobile.

WhatsApp application on a mobile.

The Computer Emergency Response Team of India (CERT-In) has issued an alert on several vulnerabilities that compromise the personal and confidential information of users of WhatsApp and WhatsApp Business in some versions of the app for Android and ios.

It is a series of "high" risk vulnerabilities, according to the official statement collected by Gadgets 360, which affect WhatsApp and WhatsApp Business users both on the web and on smartphones with versions prior to v2.21.4.18 on Android, and v2.21.32 on iOS.

The vulnerabilities have occurred in WhatsApp applications due to a configuration problem in the cache and the lack of verification of limits in the audio decoding. According to CERT-In, this could allow attackers to "arbitrarily execute code or access sensitive information."

The origin of the vulnerability was found in the whatsapp lock screen, and could be used to communicate through the messaging application by giving voice commands to Apple's voice assistant Siri, according to The Indian Express notice.

Also, a 'Use-After-Free' vulnerability allows hackers to attack a user by sending an animated sticker during a video call. India's cybersecurity agency recommends updating to the latest version of WhatsApp to avoid problems resulting from these vulnerabilities.

To print


Source link