Vulnerability detected in WhatsApp; CERT-In issues advisory

NEW DELHI: An Indian cyber security agency has warned WhatsApp users against a “vulnerability” that can attack this popular social media messaging app and compromise individual system.

Vulnerability detected in WhatsApp; CERT-In issues advisory

CERT-In has issued an advisory in this context calling the severity of the threat, being spread by an MP4 file, as “high.”

kavishakohli@gmail.com

New Delhi, November 20

An Indian cyber security agency has warned WhatsApp users against a “vulnerability” that can attack this popular social media messaging app and compromise individual system without seeking permissions.

The Computer Emergency Response Team-India (CERT-In) has issued an advisory in this context calling the severity of the threat, being spread by an MP4 file, as “high.”  

The advisory comes in the backdrop of recent developments where WhatsApp had informed the Indian government in September that over hundred Indian users were targeted by the Israeli spyware Pegasus.

“A vulnerability has been reported in WhatsApp which could be exploited by a remote attacker to execute arbitrary code on the target system,” the latest advisory said.

The CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian internet domain.

The agency’s advisory suggested “upgrading” to the latest version of WhatsApp to combat or tide over the problem.

Describing the malicious action of the vulnerability in the popular social messaging app (application), it said, “A stack-based buffer overflow vulnerability exists in WhatsApp due to improper parsing of elementary stream metadata of an MP4 file. A remote attacker could exploit this vulnerability by sending a specially crafted MP4 file to the target system.”     

It added that this could trigger a buffer overflow condition leading to execution of arbitrary code by the attacker.

“The exploitation does not require any form of authentication from the victim end and executes on downloading of malicious crafted mp4 file on victim’s system,” it said.

Successful exploitation of this vulnerability, it said, could allow the remote attacker to cause remote code execution (RCE) or denial of service (DoS) condition, which could lead to further compromise of the system.

It stated half-a-dozen WhatsApp software have been “affected” by the current vulnerability.

They have been identified as WhatsApp for Android prior to 2.19.274, WhatsApp for iOS prior to 2.19.100, WhatsApp Enterprise Client prior to 2.25.3, WhatsApp for Windows Phone prior to 2.18.368, WhatsApp Business for Android prior to 2.19.104 and WhatsApp Business for iOS prior to 2.19.100. —PTI

 

Cities

View All

Despite NGT orders, MC fails to start garbage remediation

It was also told to develop a green belt, build a wall aroun...

Farmers get soil health cards

Scheme aimed at ensuring judicious use of fertilisers

Chief Engineer finds fault with Corbusier

Says Capitol Complex ‘nude’ building, terms it blunder

Feel unsafe returning from library at night, say PU girls

No e-rickshaws, hostellers have to book cab or go in groups

Two jailed for injuring student

Court imposes Rs 1K fine, acquits them of murder bid charges

Investigations to continue despite victim’s retraction

IG told to verify fairness of probe by P’kula police

NSUI members clash with cops during protest

Rally organised against education policy; DTC bus vandalise...

Rains, thunderstorm in Delhi

Temperature is likely to drop after Saturday

DC to take up ROB issue with Chief Secretary

Railways is delaying process to start construction of the br...

Division 7 cops in spot

Victim girl accuses them of bias in harassment case

Gang raising loan on fake jewellery busted, 5 held

95-gram ornaments recovered; 3 suspects escape

SUV rams into stationary truck, driver dies on spot

Couldn’t spot truck in time due to fog at Biza