CERT-In Issues “High” Severity Rating Advisory for WhatsApp Threats

The Indian Computer Emergency Response Team (CERT-In) has cautioned WhatsApp clients in India of various vulnerabilities it identified in the instant messaging platform, which could lead to a breach of sensitive client information and personal information. In a “high” severity rating advisory, the CERT-In said that the vulnerabilities had been recognized in specific versions of WhatsApp and WhatsApp Business for both Android and iOS platforms. 

The Indian Computer Emergency Response Team (CERT-In) is an office inside the Ministry of Electronics and Information Technology of the Government of India. It is the nodal agency to deal with cybersecurity threats like hacking and phishing. It strengthens the security-related defense of the Indian Internet domain. A memorandum of understanding (MoU) was endorsed in May 2016 between the Indian Computer Emergency Response Team (CERT-In) and the Ministry of Cabinet Office, UK.

With the MoUs, participating nations can trade technical data on Cyber assaults, respond to cybersecurity incidents, and discover solutions to counter the cyber assaults. They can likewise trade data on predominant cybersecurity policies and best practices. The MoUs help to strengthen the cyberspace of signing countries, capacity building and improving relationships between them. 

“Multiple vulnerabilities have been reported in WhatsApp applications which could allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system,” the advisory said. Describing the risk in detail, it said that these vulnerabilities “exist in WhatsApp applications due to a cache configuration issue and missing bounds check within the audio decoding pipeline.” 

“Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code or access sensitive information on a targeted system,” it said. 

To forestall the danger, the government’s cybersecurity agency has requested that clients update their WhatsApp on Android and iOS to the most recent versions. This isn’t the first occasion when that CERT-In has given a “high” severity rating advisory, cautioning clients of the presence of various vulnerabilities in the instant messaging platform.

In November 2019, CERT-In had cautioned WhatsApp clients about a buffer overflow vulnerability with the platform, which permitted an assailant to remotely target a system by sending a specially crafted MP4 audio or video file. The CERT-In had then cautioned that successful exploitation of this vulnerability would permit an attacker to cause remote code execution or denial of service condition for the clients.