A “high” severity rating advisory issued by India’s cyber security agency CERT-in said the vulnerability has been detected in software that has “WhatsApp and WhatsApp Business for Android and IoS users. The CERT-In is the national technology arm that tackles cyber attacks and guards Indian cyberspace.
It detailed android prior to v2.21.4.18 and WhatsApp and WhatsApp Business for iOS prior to v2.21.32. The advisory further says that, users of the app (application) should update the latest version of WhatsApp from Google Play store or iOS App Store to counter the vulnerability threat.
There are multiple vulnerabilities have been reported in WhatsApp applications which could allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system,” the advisory said.
“Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code or access sensitive information on a targeted system,” it added.
According to CERT-In, the vulnerabilities were a result of an alleged “cache configuration issue and missing bounds check within the audio decoding pipeline” in the WhatsApp applications.
The agency has urged all users to immediately update the latest version of WhatsApp from the Google Play Store or iOS App Store to counter the vulnerability threat.
Describing the risk in detail, it said that these vulnerabilities “exist in WhatsApp applications due to a cache configuration issue and missing bounds check within the audio decoding pipeline.”
“Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code or access sensitive information on a targeted system,” it said.