WhatsApp Says Two Outdated Software Bugs Addressed After CERT-in Warns User Data at Risk

Mobile

WhatsApp on Monday said that it has addressed two bugs that existed on its outdated software and that it had no reason to believe that “these vulnerabilities were ever abused”. The official statement came in the wake of a recent advisory issued by the CERT-In, India’s cybersecurity agency, which cautioned WhatsApp users about certain vulnerabilities in the app that could lead to breach of sensitive information.

“We regularly work with security researchers to improve the numerous ways WhatsApp protects people’s messages. As is typical of software products, we have addressed two bugs that existed on outdated software, and we have no reason to believe that they were ever abused,” a WhatsApp spokesperson told PTI in a statement.

The spokesperson added that WhatsApp “remains safe and secure, and end-to-end encryption continues to work as intended to protect people’s messages”.

A “high” severity rating advisory issued by the CERT-In, or the Indian Computer Emergency Response Team, on Saturday, had said that the vulnerability has been detected in the software that has “WhatsApp and WhatsApp Business for Android prior to v2.21.4.18 and WhatsApp and WhatsApp Business for iOS prior to v2.21.32”.

“Multiple vulnerabilities have been reported in WhatsApp applications which could allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system,” the advisory had said. The advisory had recommended users update their devices with the latest version of WhatsApp from the Google Play store or iOS App Store to counter the vulnerability threat.

CERT-In is the federal technology arm for combating cyberattacks and guarding Indian cyberspace.


Does WhatsApp’s new privacy policy spell the end for your privacy? We discussed this on Orbital, the Gadgets 360 podcast. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, and wherever you get your podcasts.