Cyber agency cautions WhatsApp users against breach of information

Tribune News Service
New Delhi, April 17

The country’s cyber security agency CERT-In has cautioned WhatsApp users about certain vulnerabilities detected in the popular instant messaging app that could lead to breach of sensitive information.

A “high” severity rating advisory issued by the CERT-In or the Indian Computer Emergency Response Team said the vulnerability had been detected in software that had “WhatsApp and WhatsApp Business for Android prior to v2.21.4.18 and WhatsApp and WhatsApp Business for iOS prior to v2.21.32.”

After India, Brazil targets privacy update

After facing an intense scrutiny in India over its upcoming privacy update, consumer protection agencies in Brazil have now asked the government to act on the May 15 privacy update that will allow Facebook to aggregate users’ data across all of its platforms. Consumer rights non-profit organisation Idec has notified Brazil’s National Data Protection Authority, the National Consumer Secretariat and the Federal Prosecution Service, among others, with a request for joint action against the privacy policy, reports ZDNet. IANS

The CERT-In is the national technology arm to combat cyber attacks and guarding the Indian cyber space. It comes under the Ministry of Information Technology.

Multiple vulnerabilities

• A “high” severity rating advisory issued by the CERT-In said vulnerability had been detected in software that had “WhatsApp and WhatsApp Business for Android prior to v2.21.4.18 and WhatsApp and WhatsApp Business for iOS prior to v2.21.32.”
• The CERT-In is the national technology arm to combat cyber attacks and guarding the Indian cyber space. “Multiple vulnerabilities have been reported in WhatsApp applications which could allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system,” the advisory issued on Saturday said.

“Multiple vulnerabilities have been reported in WhatsApp applications which could allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system,” the advisory issued on Saturday said.

Describing the risk in detail, it said these vulnerabilities “exist in WhatsApp applications due to a cache configuration issue and missing bounds check within the audio decoding pipeline”.

“Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code or access sensitive information on a targeted system,” it said.

The advisory added that users of the app (application) should update the latest version of WhatsApp from Google Play store or iOS App Store to counter the vulnerability threat.

(With inputs from PTI)