WhatsApp discloses six new vulnerabilities, claims none were exploited

By Digit NewsDesk | Published on 04 Sep 2020

WhatsApp launches new website for security disclosure.

The website lists 6 vulnerabilities, but they have been patched.

This is an effort towards more transparency by the social media giant.

WhatsApp discloses six new vulnerabilities, claims none were exploited

#IBMCodePatterns, a developer’s best friend.

#IBMCodePatterns provide complete solutions to problems that developers face every day. They leverage multiple technologies, products, or services to solve issues across multiple industries.

Click here to know more


Facebook-owned messaging service WhatsApp has launched its own security disclosure portal. As the name would suggest, the website’s purpose seems to be the official disclosure of vulnerabilities found on WhatsApp to the general public. The launch of the website finds 6 new vulnerabilities already listed on it.

According to the WhatsApp security bulletin, five of the six vulnerabilities were fixed on the day of discovery. WhatsApp has said that in their audit, they have not found any evidence of these vulnerabilities being exploited by wild elements. 3 of the security vulnerabilities were brought to the company’s attention via the bug bounty program while the other three were discovered during regular code audits performed internally. One of the vulnerabilities in question could have resulted in a URL being malformed, making WhatsApp download an image from a sender-controlled URL, without user permission. This vulnerability was noted only on the Android versions of WhatsApp and WhatsApp Business. Another vulnerability alludes to how a “specially crafted video stream” could have been used to execute an out-of-bounds write operation on Android-based smartphones.

WhatsApp has launched a new security website to disclose vulnerabilties found on the platform

The new security focussed website comes as part of an effort by Facebook to be more transparent about many things, including security. While WhatsApp has remained mostly free from serious security lapses, one blot on the company's otherwise stellar record is the one where the Israeli NSO Group exploited a vulnerability to infected smartphones of high-value individuals and human rights activists with their Pegasus worm. Pegasus embeds itself into the operating system of a target smartphone, giving the hacker full control over the device and the data stored on it. It was alleged that Jeff Bezos had fallen prey to this attack as well last year. The NSO Group has denied all such allegations.

Besides addressing vulnerabilities, the WhatsApp team is also busy trying to incorporate new features into the app. Rumour is that the company may be testing a way for users to sync their chat history across platforms. Beta releases for WhatsApp also suggests that the company may be bringing back vacation mode and a whole lot more.

Digit NewsDesk

The guy who answered the question 'What are you doing?' with 'Nothing'.

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.

DMCA.com Protection Status