India’s cyber agency On Wednesday, CERT-In issued a warning to WhatsApp users about a number of issues that might be exploited by a remote attacker to execute arbitrary code on the targeted system. The IT Ministry’s CERT-In described two remote code execution vulnerabilities in Meta-owned WhatsApp in both Android and iOS versions in an advisory. The initial vulnerability in WhatsApp is caused by integer overflow.
The cyber agency warned that “a remote attacker might exploit this vulnerability to execute remote code in an established video connection.” According to CERT-In, successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected machine. Hackers can also take advantage of a second vulnerability in WhatsApp by delivering a specially constructed video file that exposes users’ personal information. WhatsApp users were encouraged by CERT-In to apply the most recent security patches. According to third-party statistics, WhatsApp has approximately 500 million users in the country.
(source : IANS)
