The Indian Computer Emergency Response Team (CERT-In) has warned about multiple vulnerabilities in the iOS versions of WhatsApp and WhatsApp Business. According to the agency, the flaws include an Improper Access Control vulnerability and a Use-After-Free vulnerability. The severity level for both has been marked as ‘High’ by WhatsApp in its November security advisory.
According to WhatsApp, the Improper Access Control vulnerability can allow hackers to access private user data even if the device is locked. “Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked“, said the company in an official statement.
As for CERT-In, the agency said that the use-after-free in a logging library in WhatsApp can be exploited by a remote attacker “by sending a specially crafted animated sticker to the target while placing a WhatsApp video call on hold, resulting in several events occurring together”. The vulnerabilities could have resulted in “memory corruption, crashes and potentially code execution”, according to the advisory.
Thankfully, the vulnerabilities are found on older versions of the software and, can be mitigated by updating them to the latest available version. That being the case, the agency is advising all users to download the latest version of WhatsApp and WhatsApp Business on iOS to avoid any potential security threats. So if you are still running an older version of WhatsApp or WhatsApp Business on your iPhone, get it updated to the latest version to stay safe.