- Improper Access Control vulnerability discovered in WhatsApp for iOS.
- Use-After-Free vulnerability disclosed in both WhatsApp and WhatsApp Business for iOS.
- Vulnerabilities reduce app performance and damage the devices.
Old versions of WhatsApp and WhatsApp Business for iOS are under attack, as observed by an Indian cybersecurity agency, the Computer Emergency Response Team (CERT-In). The agency discovered multiple vulnerabilities in old versions of WhatsApp and warned iOS users to update the application to the latest version.
In its November security advisories update, WhatsApp disclosed two critical vulnerabilities in the WhatsApp and WhatsApp Business applications on iOS: an Improper Access Control vulnerability and a Use-After-Free vulnerability. The severity of these vulnerabilities is rated as very high. CERT-In therefore alerts iOS users to update WhatsApp to the latest version.
The Improper Access Control vulnerability affects all versions of WhatsApp on iOS before v2.20.100. It is dangerous because it can allow hackers to access WhatsApp even if the device is locked. WhatsApp said that improper authorisation of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS before v2.20.100 could have permitted the use of Siri to interact with the WhatsApp application even after the phone was locked.
CERT-In explained that the Use-After-Free vulnerability is found in the logging library in WhatsApp and can be exploited by a remote hacker by simply sending a specially crafted animated sticker to the target while placing a WhatsApp video call on hold, resulting in several events occurring together. WhatsApp also added that this vulnerability impacts WhatsApp for iOS before v2.20.111 and WhatsApp Business for iOS before v2.20.111 and could have led to memory corruption, crashes and potentially code execution.
The alert issued by CERT-In warns iOS users against these two critical vulnerabilities, since they affect older versions of both WhatsApp and WhatsApp Business. iOS users are encouraged to update their apps immediately from the App Store to bring in the latest security patches; by so doing they maintain good performance of the WhatsApp and WhatsApp Business applications.
iOS users should take serious measures to protect their data and gadgets from the mentioned vulnerabilities, since they will cause damage to the devices when memory corrupts. WhatsApp users should also disable Siri's access to the application to avoid improper access, and avoid opening suspicious stickers sent to them via WhatsApp.
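
For anyone managing several iOS devices, the two fixed-in versions quoted above (v2.20.100 and v2.20.111) can be checked against an app inventory. The following is an added example, not code from WhatsApp or CERT-In; the inventory format, device names and issue labels are constructed for illustration. It compares versions numerically, because a plain string comparison would wrongly rank 2.20.99 above 2.20.100.

```python
import re

# Fixed-in versions taken from the advisory text above (iOS builds only).
FIXED_IN = {
    "screen-lock-bypass-via-siri": (2, 20, 100),
    "logging-library-use-after-free": (2, 20, 111),
}
AFFECTED_APPS = {"WhatsApp", "WhatsApp Business"}


def parse_version(text):
    """Turn 'v2.20.100' or '2.20.100' into (2, 20, 100); None if malformed."""
    match = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def open_issues(app, version_text):
    """Return issue labels still unpatched, or ['unparseable-version']."""
    if app not in AFFECTED_APPS:
        return []
    version = parse_version(version_text)
    if version is None:
        return ["unparseable-version"]  # needs a manual look, never assume patched
    # Pad so that '2.20' compares as 2.20.0 rather than as a shorter tuple.
    version += (0,) * (3 - len(version))
    return [name for name, fixed in FIXED_IN.items() if version < fixed]


def triage(inventory):
    """Map device id -> open issues, keeping only devices that need action."""
    report = {}
    for device, app, version_text in inventory:
        issues = open_issues(app, version_text)
        if issues:
            report[device] = issues
    return report


# Constructed sample inventory: (device id, app name, installed version).
SAMPLE_INVENTORY = [
    ("ipad-03", "WhatsApp", "2.20.99"),
    ("iphone-07", "WhatsApp Business", "v2.20.100"),
    ("iphone-11", "WhatsApp", "2.20.111"),
    ("iphone-12", "WhatsApp", "2.20.beta"),
]

if __name__ == "__main__":
    for device, issues in triage(SAMPLE_INVENTORY).items():
        print(device, ", ".join(issues))
```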