Multiple vulnerabilities in WhatsApp, WhatsApp Business for iOS, warns CERT-In
iOS users should update WhatsApp and WhatsApp Business right away from the App Store because these vulnerabilities, if exploited, can lead to memory corruption, crashes and potentially code execution.
The Indian cyber security agency, Computer Emergency Response Team (CERT-In), has issued a warning about multiple vulnerabilities in the older versions of WhatsApp and WhatsApp Business on iOS.
As per reports, the severity rating of the vulnerability has been marked as ‘high’.
The alert issued by CERT-In warns of two critical vulnerabilities in WhatsApp and WhatsApp Business on iOS - an Improper Access Control vulnerability and a Use-After-Free vulnerability.
WhatsApp disclosed these vulnerabilities in the November update to its security advisories.
The Improper Access Control vulnerability can allow hackers to access WhatsApp even if the device is locked. This vulnerability affects all versions of WhatsApp on iOS prior to v2.20.100.
“Improper authorisation of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked,” said WhatsApp.
The Use-After-Free vulnerability is found in the logging library in WhatsApp and can be exploited by a remote hacker by simply sending a “specially crafted animated sticker to the target while placing a WhatsApp video call on hold, resulting in several events occurring together,” CERT-In explained.
This vulnerability impacts WhatsApp and WhatsApp Business for iOS prior to v2.20.111 and could have led to “memory corruption, crashes and potentially code execution,” according to WhatsApp.
Since the vulnerabilities affect older versions of both WhatsApp and WhatsApp Business, it is recommended that iOS users update their apps immediately from the App Store to get the latest security patches.