Older iOS Versions of WhatsApp Susceptible to Hacking, Warns CERT-In

India’s cybersecurity agency warned iOS users that older versions of WhatsApp and WhatsApp Business could be prone to cyberattacks. According to media reports, the Computer Emergency Response Team (CERT-In) labeled the severity of the old apps’ vulnerability as high. CERT-In highlighted two crucial weaknesses in both applications that could result in grave invasions of privacy. The Use-After-Free vulnerability allows remote hackers to send custom stickers to targets, put video calls on hold, and engage in practices without users’ knowledge or consent. Meanwhile, the Improper Access Control vulnerability enables cybercriminals to access the victim’s device even while locked, impacting all WhatsApp versions before v2.20.200.

“A stack-based buffer overflow vulnerability exists in WhatsApp due to improper parsing of elementary stream metadata of an MP4 file,” CERT-In’s statement said. “A remote attacker could exploit this vulnerability by sending a specially crafted MP4 file to the target system.” The cybersecurity agency added that this could result in a “buffer overflow condition,” which could lead to the execution of “arbitrary code by the attacker.”

WhatsApp revealed these vulnerabilities via security advisories and released an update in November to resolve all related issues. If unfixed, these apps can cause device memory corruption, software crash, remote code execution, and denial of service conditions. CERT-In advised all iOS users still operating older app versions to update immediately through the App Store to mend all security flaws. WhatsApp had notified the Indian government in September about the threat of an Israeli spyware called Pegasus that targeted hundreds of Indian users. A company spokesperson said the messaging app is continuously working to enhance security, adding there is no reason to believe users were impacted.

Virtual private networks can lower security threats by encrypting your traffic and masking your IP address, thus protecting your identity, location, and online activities. TheVPN.Guru is home to a wide range of detailed VPN reviews and how-to guides and offers the latest cybersecurity tips and tricks.

Nathaniel Villa
Nathaniel Villa