The Indian Computer Emergency Response Team (CERT-In) has warned users of multiple vulnerabilities in WhatsApp and WhatsApp Business for iOS which could allow a remote attacker to bypass security restrictions or execute arbitrary code on the target system.
One vulnerability was found in the Screen Lock feature in WhatsApp and WhatsApp Business for iOS due to improper authorisation of input, CERT-In said in a vulnerability note.
An attacker could exploit this vulnerability by using the Siri virtual assistant to communicate even after the phone is locked, said the note, which was issued last week and carried a “high” severity rating.
Another vulnerability was found in the logging library in WhatsApp and WhatsApp Business for iOS due to what is called a “use-after-free” error.
A remote attacker could exploit this vulnerability by sending a specially crafted animated sticker to the target user while placing a WhatsApp video call on hold, resulting in several events occurring together in sequence, CERT-In said.
Successful exploitation of this vulnerability could lead to memory corruption, denial-of-service conditions or remote code execution.
To protect themselves from these vulnerabilities, users should install the latest version of WhatsApp and WhatsApp Business from the App Store, CERT-In said.