Here's why CERT-In has advised users to update WhatsApp immediately
India's cybersecurity agency CERT-In (or the Indian Computer Emergency Response Team) has issued a warning to all WhatsApp users in the country, informing them of vulnerabilities that it has identified on popular encrypted chat application WhatsApp, that could result in a negative impact on users privacy and personal data.
The vulnerability was identified on both iOS and Android platforms, and appears to affect both WhatsApp and WhatsApp Business clients, reports Gadgets360. Users running version v18.104.22.168 and older on Android are affected by the vulnerability, while users on version 2.21.32 and older on iOS are similarly affected.
The report also quotes that the cybersecurity agency as stating that there were multiple vulnerabilities reported in the WhatsApp apps that could allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system. It also states that the security flaws stemmed out of a “cache configuration issue” on WhatsApp and “a missing bounds check within the audio decoding pipeline”.
“We regularly work with security researchers to improve the numerous ways WhatsApp protects people's messages. As is typical of software products, we've addressed two bugs that existed on outdated software, and we have no reason to believe that they were ever abused. WhatsApp remains safe and secure, and end-to-end encryption continues to work as intended to protect people's messages,” a WhatsApp spokesperson told HT Tech.
Fortunately, users who are concerned about their privacy and safety can simply head over to the Play Store and download the latest version of the app for their Android or iPhone device. If your phone is running iOS 9 or Android 2.3, you will not be able to update the app and should consider getting a new device instead.