CERT-In issues security advisory to WhatsApp users
Indian cyber security agency CERT-In has warned WhatsApp users about the “vulnerability” that can compromise their individual account, even as the US-based company said that it is taking all security measures to address the concerns.
The Computer Emergency Response Team-India (CERT-In), a nodal agency to combat hacking and phishing, has issued an advisory in this context calling the severity of the threat, being spread by an MP4 file, as “high.”
The agency also suggested WhatsApp users upgrade their app to the latest version to tide over the problem. “A vulnerability has been reported in WhatsApp which could be exploited by a remote attacker to execute arbitrary code on the target system,” the CERT-In said
A stack-based buffer overflow vulnerability exists in WhatsApp due to improper parsing of elementary stream metadata of an MP4 file. A remote attacker could exploit this vulnerability by sending a specially crafted MP4 file to the target system,” it warned.
The exploitation does not require any form of authentication from the victim end and executes on downloading of malicious crafted mp4 file on victims system, it said.
The government agency said half-a-dozen WhatsApp software have been “affected” by the current vulnerability. However, WhatsApp spokesperson said that in this instance there is no reason to believe users were impacted.”
Separately, Facebook-owned company written to the government expressing “regret” over the Pegasus snooping row, and has assured that it is taking all security measures to address concerns.
The company is deeply committed to protecting the privacy of its users in India by providing industry-leading security for all messages and calls and by staying ahead of advanced threats to user security”, the US based company said
Last month, the Facebook-owned company had said that 121 Indian users including journalists and human rights activists were among those globally spied upon by unnamed entities using Israel developed Pegasus spyware