WhatsApp users should 'immediately' update to latest versions to fix security flaws: SingCert
SINGAPORE — WhatsApp has released an update to address security flaws that could allow attackers to gain complete control of a targeted user's mobile application, the Singapore Computer Emergency Response Team (SingCert) said in a statement on Wednesday (Sept 28).
SINGAPORE — WhatsApp has released an update to address security flaws that could allow attackers to gain complete control of a targeted user's mobile application, the Singapore Computer Emergency Response Team (SingCert) said in a statement on Wednesday (Sept 28).
The government cybersecurity response team urged WhatsApp users to download the latest versions "immediately", though it added that there are so far no reports of active exploitation of the remote code execution vulnerabilities.
The first vulnerability affects the Video Call Handler component.
An attacker can exploit this during a video call with a targeted user to take complete control of their WhatsApp app, SingCert explained.
The second vulnerability affects the Video File Handler component by sending a specially crafted video file to targeted users and convincing them to play it.
The following versions are affected by the first vulnerability:
- WhatsApp for iOS and Android before version 2.22.16.12
- WhatsApp Business for iOS and Android before version 2.22.16.12
The following versions are affected by the second vulnerability:
- WhatsApp for Android before version 2.22.16.2
- WhatsApp for iOS before version 2.22.15.9
Users are advised to update to the latest versions of WhatsApp immediately by visiting their app stores and they are encouraged to enable automatic updates to ensure the app is updated promptly, SingCert said.