WhatsApp discloses six new vulnerabilities, claims none were exploited

HIGHLIGHTS

WhatsApp launches new website for security disclosure.

The website lists 6 vulnerabilities, but they have been patched.

This is an effort towards more transparency by the social media giant.

Facebook-owned messaging service WhatsApp has launched its own security disclosure portal. As the name suggests, the website's purpose seems to be the official disclosure of vulnerabilities found in WhatsApp to the general public. At launch, the website already lists 6 new vulnerabilities.

According to the WhatsApp security bulletin, five of the six vulnerabilities were fixed on the day of discovery. WhatsApp has said that its audit found no evidence of these vulnerabilities being exploited in the wild. Three of the security vulnerabilities were brought to the company's attention via the bug bounty program, while the other three were discovered during regular code audits performed internally. One of the vulnerabilities in question could have resulted in a URL being malformed, making WhatsApp download an image from a sender-controlled URL without user permission. This vulnerability was noted only on the Android versions of WhatsApp and WhatsApp Business. Another vulnerability describes how a "specially crafted video stream" could have been used to execute an out-of-bounds write operation on Android-based smartphones.

WhatsApp has launched a new security website to disclose vulnerabilities found on the platform

The new security-focused website comes as part of an effort by Facebook to be more transparent about many things, including security. While WhatsApp has remained mostly free from serious security lapses, one blot on the company's otherwise stellar record is the incident in which the Israeli NSO Group exploited a vulnerability to infect the smartphones of high-value individuals and human rights activists with their Pegasus worm. Pegasus embeds itself into the operating system of a target smartphone, giving the hacker full control over the device and the data stored on it. It was alleged that Jeff Bezos had fallen prey to this attack as well last year. The NSO Group has denied all such allegations.

Besides addressing vulnerabilities, the WhatsApp team is also busy trying to incorporate new features into the app. Rumour is that the company may be testing a way for users to sync their chat history across platforms. Beta releases of WhatsApp also suggest that the company may be bringing back vacation mode and a whole lot more.

Digit NewsDesk
