WhatsApp reveals 6 security issues that could have got its users ‘hacked’ – Times of India

Facebook-owned WhatsApp has revealed six vulnerabilities within the app that could have allowed attackers to push malicious code remotely by way of photos, URLs and video calls. WhatsApp claims that these vulnerabilities have been fixed; however, there is no official information as to whether users were impacted or not.
As per WhatsApp, a bug now identified as CVE-2020-1894 could have allowed arbitrary code execution when playing a specially crafted push-to-talk message. This was caused by a stack write overflow in WhatsApp for Android prior to v2.20.35 and WhatsApp for iPhone prior to v2.20.30. The same issue was present in the respective WhatsApp Business apps as well.
WhatsApp also had a URL validation issue. “WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction,” it explained.
WhatsApp also had “an input validation issue” in WhatsApp Desktop versions prior to v0.3.4932. This issue could have allowed cross-site scripting upon clicking on a link from a specially crafted live location message, it said.
“A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream after receiving and answering a malicious video call,” said WhatsApp while describing another issue with
All six vulnerabilities are reported on WhatsApp’s security advisory website. This website will keep a record of all security updates and Common Vulnerabilities and Exposures (CVE). The purpose of this website is mainly to promote WhatsApp as a transparent entity and also to help security researchers understand the issues and bugs better. Along with explaining the details of the vulnerability, WhatsApp is letting users know how certain bugs could have been used by attackers. It further clarifies that “CVE descriptions are meant to help researchers understand technical scenarios and does not imply users were impacted in this manner.”
