WhatsApp users have been cautioned about new vulnerabilities detected in the popular instant messaging app that could lead to the breach of sensitive information. The CERT-In (Indian Computer Emergency Response Team) has rated the new vulnerability with a ‘high’ severity rating.
The national cyber attack division responsible for the safety of all Indians’ cyberspace also issued a new advisory on Saturday detailing the risks associated with the new WhatsApp vulnerabilities.
“Multiple vulnerabilities have been reported in WhatsApp applications which could allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system,” the advisory said.
What is the new vulnerability and what does it do?
A cache configuration issue in the application allows attackers to remotely execute code or access sensitive information on a targeted system. Describing the vulnerabilities in detail, the advisory stated that they “exist in WhatsApp applications due to a cache configuration issue and missing bounds check within the audio decoding pipeline.”
“Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code or access sensitive information on a targeted system,” it added.
What WhatsApp versions are affected?
The new vulnerability has been detected in WhatsApp and WhatsApp Business for Android and can affect versions before the v126.96.36.199 update. For iOS users, the WhatsApp and WhatsApp Business for iOS apps before v2.21.32 has been affected.
Users who are updated to the latest WhatsApp versions on Android and iOS are safe from the vulnerabilities. To ensure users are safe from the newly discovered vulnerability, they can go to the Play Store or App Store and update to the latest versions immediately.