iPhone users, if you haven’t updated your WhatsApp application for a while, you should do it right now: the Indian Computer Emergency Response Team (CERT-In) has found multiple vulnerabilities in the Facebook-owned app that “could allow a remote attacker to bypass security restrictions or execute arbitrary code on the target system.”
According to the advisory issued on CERT-In’s website, the severity of the issue has been rated ‘high’, and it affects WhatsApp for iOS prior to version 2.20.111 and WhatsApp Business for iOS prior to version 2.20.111.
The first vulnerability, titled ‘Improper Access Control Vulnerability’, has been found in the ‘Screen Lock’ feature of the WhatsApp and WhatsApp Business apps. “An attacker could exploit this vulnerability by using Siri to communicate even after the phone is locked. Successful exploitation of this vulnerability could allow the attacker to bypass security restrictions,” said CERT-In.
The second vulnerability, titled ‘Use-After-Free Vulnerability’, has been found in the logging library in WhatsApp and WhatsApp Business and is due to ‘a use-after-free error.’
“A remote attacker could exploit this vulnerability by sending a specially crafted animated sticker to the target user while placing a WhatsApp video call on hold, resulting in several events occurring together in sequence. Successful exploitation of this vulnerability could lead to memory corruption, denial of service conditions or execution of remote code,” added the report.