Home / Tech / News / Multiple vulnerabilities in WhatsApp, Whatsapp Business for iOS, warns CERT-In

Multiple vulnerabilities in WhatsApp, Whatsapp Business for iOS, warns CERT-In

A 3D printed Whatsapp logo is placed on the keyboard in this illustration taken April 12, 2020. REUTERS/Dado Ruvic/Illustration/Files
A 3D printed Whatsapp logo is placed on the keyboard in this illustration taken April 12, 2020. REUTERS/Dado Ruvic/Illustration/Files (REUTERS)

iOS users should update WhatsApp and WhatsApp Business right away from the App Store because these vulnerabilities, if exploited, can lead to memory corruption, crashes and potentially code execution. 

Indian cyber security agency, Computer Emergency Response Team (CERT-In) has issued a warning against multiple vulnerabilities in the older versions of WhatsApp and WhatsApp Business on iOS.

As per reports, the severity rating of the vulnerability has been marked as ‘high’.

The alert issued by CERT-In warns of two critical vulnerabilities in WhatsApp and WhatsApp Business on iOS - an Improper Access Control vulnerability and a Use-After-Free vulnerability.

These vulnerabilities have been disclosed by WhatsApp as a part of its November update in its security advisories.

Also Read: How to set up and use WhatsApp Pay: All you need to know

The Improper Access Control vulnerability can allow hackers to access WhatsApp even if the device is locked. This vulnerability affects all versions of WhatsApp on iOS prior to the v2.20.100 version.

“Improper authorisation of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked,” said WhatsApp.

Also Read: WhatsApp will now receive a copy of recent messages when a user is reported

The Use-After-Free vulnerability is found in the logging library in WhatsApp and can be exploited by a remote hacker by simply sending a “specially crafted animated sticker to the target while placing a WhatsApp video call on hold, resulting in several events occurring together,” CERT-In explained.

This vulnerability impacts WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 and could have lead to “memory corruption, crashes and potentially code execution,” according to WhatsApp.

Since the vulnerabilities affect older versions of both WhatsApp and WhatsApp Business, it is recommended that iOS users update their apps immediately from the App Store to bring in the latest security patches.

Follow HT Tech for the latest tech news and reviews, also keep up with us on Twitter, Facebook, and Instagram. For our latest videos, subscribe to our YouTube channel.