CERT-IN has cautioned WhatsApp clients in India of various vulnerabilities it identified in the instant messaging platform, which could lead to a breach of sensitive client information and personal information. In a “high” severity rating advisory, the CERT-In said that the vulnerabilities had been recognized in specific versions of WhatsApp and WhatsApp Business for both Android and iOS platforms.
Vulnerabilities exist in WhatsApp applications due to a cache configuration issue and missing bounds check within the audio decoding pipeline. Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code or access sensitive information on a targeted system.
CERT-In has requested that clients update their WhatsApp on Android and iOS to the most recent versions. This isn’t the first occasion when that CERT-In has given a “high” severity rating advisory, cautioning clients of the presence of various vulnerabilities in the instant messaging platform.
Earlier CERT-In had cautioned WhatsApp clients about a buffer overflow vulnerability with the platform, which permitted an assailant to remotely target a system by sending a specially crafted MP4 audio or video file. The CERT-In had then cautioned that successful exploitation of this vulnerability would permit an attacker to cause remote code execution or denial of service condition for the clients.