Centre warns WhatsApp users, cautions them against hacker attack

The CERT-in advisory has warned of multiple vulnerabilities in WhatsApp which could help a remote attacker to execute an arbitrary code on the targeted system.

The Indian Computer Emergency Response Team (CERT-IN), a nodal agency under the Ministry of Electronics and Information Technology, has warned of vulnerabilities in WhatsApp for Android and iOS prior to v2.22.16.12, WhatsApp Business for Android and iOS prior to v2.22.16.12, WhatsApp for Android prior to v2.22.16.12 and WhatsApp for iOS for v2.22.15.9.

The CERT-in advisory has warned of multiple vulnerabilities in WhatsApp which could help a remote attacker to execute an arbitrary code on the targeted system.

According to the Centre’s advisory, the vulnerability exists in WhatsApp due to integer overflow. “A remote attacker could exploit this vulnerability to execute remote code in an established video call.”

WhatsApp also stated the same in its latest security advisory, saying, “An integer overflow in WhatsApp for Android prior to v2.22.16.12, Business for Android prior to v2.22.16.12, iOS prior to v2.22.16.12, Business for iOS prior to v2.22.16.12 could result in remote code execution in an established video call”.

The Centre has also cited the WhatsApp advisory on integer underflow, and warned that the remote attacker could exploit this vulnerability by sending a specially-crafted video file.

To protect themselves from such an attack, the WhatsApp users should update the app.

This comes at a time when WhatsApp has introduced new features for its users, the latest being ‘Call Link’. The feature helps users to join or start video and audio calls with just one tap. The users can easily share this call link individually or on groups and invite others to join the calls. Hindustan Times