CERT-IN cautions Whatsapp users of vulnerabilities detected in the app
Earlier this week, CERT-IN – India’s cyber security agency cautioned WhatsApp users about certain vulnerabilities detected in the instant messaging app that could lead to breach of sensitive information. The vulnerability was discovered in software that has ‘WhatsApp and WhatsApp Business for Android prior to v184.108.40.206 and WhatsApp and WhatsApp Business for iOS prior to v2.21.32.’ Please find below a comment from Satnam Narang, Staff Research Engineer, Tenable.
“With over two billion users, WhatsApp is one of the most popular messaging platforms around the world. Therefore, the discovery of vulnerabilities within the WhatsApp application for Android and iOS devices could be significant. Earlier this month, two flaws were patched in WhatsApp for Android and iOS. To exploit these flaws in apps like WhatsApp, more often than not, an attacker would need to socially engineer the victim into clicking on a link to visit a website.
“Whenever WhatsApp releases new versions of its software, it is important for end-users to ensure updates are applied, either automatically or by checking for updates. This can help address any known vulnerabilities within the application.
“With respect to the supposed WhatsApp Pink release, it appears that cybercriminals are circulating a fake copy of WhatsApp for Android that apparently changes the colour of the app logo and the app iconography and theme to pink. Installing apps from outside the Google Play Store is a risky proposition, so we strongly encourage users to be cautious and not install apps from outside the official Google Play Store.” — Satnam Narang, Staff Research Engineer, Tenable