May 20, 2024

Report Wire

News at Another Perspective

CERT-In: Multiple vulnerabilities reported in WhatsApp; distant attacker can entry information

2 min read
3 years ago

The Indian Computer Emergency Response Team (CERT-In) has warned WhatsApp customers in India of a number of vulnerabilities it detected within the immediate messaging platform, which may result in breach of delicate person knowledge and private data.
In a “high” severity score advisory, the CERT-In stated that the vulnerabilities had been detected in a sure variations of WhatsApp and WhatsApp Business for each Android and iOS platform.
“Multiple vulnerabilities have been reported in WhatsApp applications which could allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system,” the advisory stated.
The vulnerabilities, CERT-In stated, exist in WhatsApp attributable to a cache configuration challenge and lacking audio decoding pipeline, which may give hackers the potential to “ execute arbitrary code or access sensitive information on a targeted system”.
To forestall the risk, the federal government’s cybersecurity company has requested customers to replace their WhatsApp on Android and iOS to the most recent variations.
This is just not the primary time that CERT-In has issued a “high” severity score advisory, warning customers of the presence of a number of vulnerabilities within the immediate messaging platform. In November final yr, the cybersecurity company had issued the same warning to customers, cautioning them that it had discovered two main vulnerabilities, particularly improper entry management and user-after-free vulnerability.

The improper entry management vulnerability was discovered to be current within the display screen lock characteristic of the moment messaging platform and may very well be used to speak on WhatsApp by giving voice instructions to Siri, an audio assistant in iOS telephones. On the opposite hand, use-after-free vulnerability allowed attackers to focus on customers by sending a specifically crafted animated sticker throughout a video name.

Similarly, in November 2019, CERT-In had warned WhatsApp customers a few buffer overflow vulnerability with the platform, which allowed an attacker to remotely goal a system by sending a specifically crafted MP4 audio or video file.
The CERT-In had then warned that profitable exploitation of this vulnerability would enable an attacker to case distant code execution or denial of service situation for the customers.

Tags:

More Stories

4 min read

Arbitrage funds’ spreads are enticing, and buyers should take benefit

7 months ago
3 min read

Crypto laws: EU securities watchdog provides Dec 2024 deadline

7 months ago
4 min read

How to recover from with your own home mortgage rapidly? Here are 6 methods

7 months ago

You may have missed

1 min read

More than 250 injured so far in road accident on Holi, admitted to RIMS

2 months ago
2 min read

Holi celebrated in a unique way in Collector bungalow: Collector and SSP celebrated Holi with officers and employees, administered oath for free and fair voting, then took selfie in selfie point.

2 months ago
2 min read

From Punjab To MP To Maharashtra, Exodus Continues In Congress Benefiting BJP.

2 months ago
1 min read

Watch: Fresh Day Time Video Of Baltimore Bridge After Collapse; All Crew Members Are Indian, Says Ship Firm

2 months ago