The Indian cyber agency CERT-In has issued a warning to WhatsApp users about a number of bugs that could be used by a remote attacker to execute arbitrary code on the targeted system.
The IT Ministry’s CERT-In described two remote code execution vulnerabilities in Meta-owned WhatsApp on both Android and iOS in an advisory. The first vulnerability is due to integer overflow in WhatsApp.
The cyber agency warned, “A remote attacker could exploit this vulnerability to execute remote code in an established video call.”
According to CERT-In, successful exploit of this vulnerability could allow a remote attacker to execute arbitrary code on the targeted system.
Hackers can also take advantage of a second WhatsApp vulnerability by sending a specially crafted video file that exposes users’ personal information.
CERT-In recommended that WhatsApp users install the most recent security updates. According to third-party reports, WhatsApp has nearly 500 million users in India.