WhatsApp, the world’s most popular instant messaging app, has warned its users that six major flaws were discovered in the app. This month the messaging platform launched a more open approach to informing users about flaws found in its highly popular iOS and Android versions, unveiling a series of issues that involved stickers, video calls, and WhatsApp Desktop.
According to the British newspaper Express, WhatsApp identified six vulnerabilities on a newly created security website. Five of them were fixed in one day, while the last flaw took longer to resolve. WhatsApp said that some of the errors could be triggered remotely. However, it found no evidence that hackers were actively exploiting the vulnerabilities.
A number of the errors were reported through the WhatsApp Bug Reward Program, which rewards security experts outside the company for discovering security vulnerabilities, while others were discovered through routine code reviews and automated systems. One of the flaws, which WhatsApp called CVE-2020-1890, concerned a user submitting “intentionally mutilated data to download an image from a sender-controlled URL”.
Another, called CVE-2020-1891, affected video calls on various versions of WhatsApp for Android, iOS, and WhatsApp Business, while the CVE-2020-1886 vulnerability could have been exploited after an unsuspecting WhatsApp user answered a “malicious video call”. The bug in CVE-2019-11928 affected WhatsApp Desktop users who clicked a “link from a specially crafted direct site message”.
WhatsApp explained on its new security consulting website: “If an error is identified, we work to fix the problem as quickly as possible. In line with industry best practices, we will not reveal security issues until after any claims are fully investigated, necessary fixes are issued, and updates are made widely available through the relevant application stores. We use the same approach for all WhatsApp products.”
The company continued: “If we fix a problem in one of our products, we also work to ensure that it is addressed in any other products that may depend on the same code. We follow the instructions provided by manufacturers of operating systems for storage on the device, and we rely on the security of operating systems and APIs.”
“WhatsApp also depends on many libraries of code, which were developed by third parties, for various features, and we will suspend security updates for these libraries so that other developers can make the necessary updates. It is our policy to notify the developers and providers of mobile operating systems about the security issues that WhatsApp may identify. We are very committed to transparency, and this resource aims to help the broader tech community benefit from the latest developments in our security efforts. We strongly encourage all users to ensure that they continue to update the application from their application stores, and update their mobile operating systems whenever updates become available.”
This news comes as WhatsApp users were alerted to another threat, a “crash code” that could cause the chat application to self-destruct. The threat was discovered by WhatsApp investigators at WABetaInfo, who said that the code is triggered after the user clicks on a mysterious-looking message.