Indian security agency warns WhatsApp users against high severity security flaws

WhatsApp
(Image credit: guteksk7 / Shutterstock)

The Indian cybersecurity agency CERT-In has warned about new vulnerabilities found in the leading cross-platform messaging application WhatsApp could result in the breach of sensitive user data. The agency has thus released a high severity rating advisory and could be alarming for users still stuck with an old version of WhatsApp.

According to CERT-In, WhatsApp and WhatsApp Business for Android before v2.21.4.18 and WhatsApp and WhatsApp Business for iOS before v2.21.32 are susceptible to these flaws. The advisory issued by the agency detailing the criticality states that this vulnerability could “allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system.”

For those unaware, CERT-In is a national technology arm that tackles cyber attacks and acts as a watch guard for Indian cyberspace.

What is the impact of this WhatsApp Vulnerability? 

According to the report, this vulnerability exists due to certain features on WhatsApp and thus allows hackers to access personal data like chats, images, videos etc. by running malicious codes remotely. This vulnerability is linked “to a cache configuration issue and missing bounds check within the audio decoding pipeline.”

The report also suggests that since these flaws do not exist on the latest versions of WhatsApp, users using the latest version of the messaging application are not impacted at all.  However, users with WhatsApp and WhatsApp Business for Android older than v2.21.4.18 and WhatsApp and WhatsApp Business for iOS older than v2.21.32 may be at risk

How can I safeguard my chats? 

The simplest way to ensure the privacy of your data is by using the latest version of WhatsApp on your phone. Facebook led WhatsApp has stated that since these vulnerabilities existed in outdated versions of the application, there is a little chance of them being misused by hackers.

It has further stated that the said vulnerabilities have already been addressed by the bugs highlighted by the agency and has urged users to update the application on their devices to the latest one.

A prepared statement issued by WhatsApp read, "We regularly work with security researchers to improve the numerous ways WhatsApp protects people's messages. As is typical of software products, we have addressed two bugs that existed on outdated software, and we have no reason to believe that they were ever abused."

This is, however, one of many vulnerabilities that were found in WhatsApp recently. Very recently, researchers found a flaw in WhatsApp that allowed stalkers to track unassuming users’ “online status” to monitor their activities. This flaw could be used to correctly predict if a user is busy chatting with someone else at any given time.

Get up close with consumer tech news that you can use, latest reviews and buying guides. Follow TechRadar India on TwitterFacebook and Instagram!

TOPICS
Jitendra Soni

Jitendra has been working in the Internet Industry for the last 7 years now and has written about a wide range of topics including gadgets, smartphones, reviews, games, software, apps, deep tech, AI, and consumer electronics.  

Read more
WhatsApp on smartphone
WhatsApp has fixed its "View once" feature – but has left more of your data at risk
A close-up of a phone screen showing the Telegram, Signal and WhatsApp apps
Should you ditch unencrypted messaging apps? Here's what experts say about the FBI's warning
A woman holding a mobile phone in front of the Signal logo displayed on a computer screen
Salt Typhoon: US cybersecurity watchdog urges switch to Signal-like messaging apps
WhatsApp China VPN
Paragon spyware campaign targeting journalists disrupted by WhatsApp
A smartphone on a sofa showing the WhatsApp, Telegram and Signal apps
Russian criminal gang Star Blizzard found hitting WhatsApp accounts
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
Latest in Email & Messaging
Gmail at 20
No joke, Gmail is 20 and we're probably better for it
Google introduced Gmail to the public on April 1, 2004, leading many to believe it was an April Fools' Day prank
Google's next AI update for Gmail could let you ask it to write emails with your voice
A laptop screen on an orange background showing the Gmail logo and an inbox
Final warning: it’s your last chance to save your old Gmail account from deletion
A phone showing WhatsApp video calling on a pink background
WhatsApp video calls get handy screen-sharing feature – here's how to use it
Gmail
Watch out Google users – your account could get deleted if it’s not used
Google Chat messaging friends
Google wants to make its Chat app a lot more personal by copying WhatsApp
Latest in News
Homepage of Manus, a new Chinese artificial intelligence agent capable of handling complex, real-world tasks, is seen on the screen of an iPhone.
Manus AI may be the new DeepSeek, but initial users report problems
Twitter social media application change logo to X. Elon Musk CEO of twitter rebranded Twitter to 'X'. Social media application technology concept.
X is down again – here's everything we know about Twitter's third outage of the day
A screen shot from a promotional video showing the HealthBuds fitness tracking earphones from Synseer
These mysterious wireless earbuds claim to monitor your heart and hearing health simultaneously, but there’s a catch
Nvidia geforce rtx 3050
RTX 5050 rumors detail full spec of desktop graphics card, suggesting Nvidia may use slower video RAM – but I wouldn’t panic yet
OnePlus 13
OnePlus is ditching the Alert Slider for an iPhone-style customizable button - and I’ll be sad to see it go
healthcare
Software bug meant NHS information was potentially “vulnerable to hackers”