The Indian Computer Emergency Response Team (CERT-In) has cautioned users against certain vulnerabilities in an older version of the instant messaging application WhatsApp, which could lead to a breach of sensitive information.
The advisory rated ‘Severe’ by the authorities at CERT-In explained that “Multiple vulnerabilities have been reported in WhatsApp applications which could allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system.”
The vulnerability has been detected in “WhatsApp and WhatsApp Business for Android prior to v18.104.22.168 and WhatsApp and WhatsApp Business for iOS prior to v2.21.32.”
Responding to the development, a WhatsApp spokesperson told Inc42 that the bugs have been addressed by the platform with its latest update: “We regularly work with security researchers to improve the numerous ways WhatsApp protects people’s messages. As is typical of software products, we’ve addressed two bugs that existed on outdated software, and we have no reason to believe that they were ever abused. WhatsApp remains safe and secure, and end-to-end encryption continues to work as intended to protect people’s messages.”
Users can guard themselves against the threat by installing the latest update to WhatsApp from the Google Play Store or the iOS App Store.
Earlier this month, a data breach meant that the personal data of 533 Mn Facebook users was leaked online on a hacker forum. Of these, 6 Mn were Indian users. The leaked details included details such as phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses. The social media giant, which owns WhatsApp and Instagram, told media agencies that the leak was related to a vulnerability that the company had patched in 2019.
In January this year, phone numbers of 6 lakh Indian Facebook users were being sold on Telegram through a bot.
WhatsApp has told the Delhi High Court that the CCI probe is just a headline-grabbing endeavour.
Meanwhile, CCI has told the court that WhatsApp’s new policy would lead to excessive data collection and stalking of its users.
Update – April 19, 2021, 3:21 pm: WhatsApp’s response added to the story.