India's Computer Emergency Response Team, CERT-IN, has warned users about multiple vulnerabilities in WhatsApp for iOS and WhatsApp Business, and has rated their severity as “high”. CERT-IN's warning covers two major vulnerabilities: an improper access control vulnerability and a use-after-free vulnerability. The flaws were found in older versions of WhatsApp for iOS and WhatsApp Business.
WhatsApp disclosed the vulnerabilities in its security advisories. CERT-IN said in a blog that a large number of vulnerabilities have been found in WhatsApp and WhatsApp Business for iOS that can allow a remote attacker to bypass security restrictions or execute arbitrary code on the target system.
CERT-IN's note describes two major vulnerabilities: an improper access control vulnerability and a use-after-free vulnerability. According to the CERT-IN report, the improper access control vulnerability exists in the screen lock feature in WhatsApp because of improper authorization of input. The report states that an attacker can exploit the flaw by using Siri to communicate even if the phone is locked. If the attacker succeeds in exploiting the vulnerability, it can allow the attacker to bypass security restrictions.
The other vulnerability is the use-after-free vulnerability. The report said that it exists in the logging library in WhatsApp for iOS due to a use-after-free error. An attacker can exploit this vulnerability by sending a specially crafted animated sticker to the target contact during a video call. The report also says that if the attacker succeeds in exploiting the vulnerability, it can lead to memory corruption, denial-of-service conditions and remote code execution.