(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)
Cybercriminals can exploit WhatsApp users through Apple's voice command feature Siri due to glitches in the app.
Multiple vulnerabilities in WhatsApp and WhatsApp Business for iOS could allow a remote attacker to bypass security restrictions or execute arbitrary code on the user's system, the Indian Computer Emergency Response Team (CERT-In) said in a statement.
The CERT-In falls under the Ministry of Electronics and Information Technology (MeitY).
The team spotted a glitch in the Screen Lock feature in both apps. An attacker could exploit this vulnerability by using Apple's Siri feature to communicate even after the phone is locked.
Also read | Hackers can exploit Zoom users by noticing shoulder movements, report says
The team also noted a vulnerability in the app's logging library. This could enable a cybercriminal to send specially crafted animated sticker to the target user while placing WhatsApp video call on hold. This could result in phone memory corruption, denial-of-service conditions, and execution of remote code.
Updating the app's software to the latest one could help mitigate the vulnerabilities, CERT-In recommended.
Earlier in September, the nodal agency governing cyberattacks had issued warnings against security glitches in WhatsApp in multiple devices including Android, iPhone, and desktop versions.
These vulnerabilities could allow attackers to execute remote code, and perform cross-site scripting which involves inputting a malicious script into a user's web browser, the team said.
Published - November 11, 2020 03:51 pm IST
