More WhatsApp critical security bugs discovered

September 15, 2020

With billions of users across mobile and desktop, WhatsApp, a Facebook app, is on the hot seat again after publicly reporting a recent set of vulnerabilities found in the app. A total of 6 vulnerabilities were spotted, drawn from reports gathered from netizens through its Bug Bounty program and from the company's regular scanning and experimentation. Fortunately, the developers were able to create a patch within the day for 5 of the vulnerabilities and needed another day for the remaining flaw.

WhatsApp said that, although the attack may be executed remotely, it found no trace that a threat actor had already exploited the disclosed flaws.

The reported lapses in the application include a cross-site scripting issue through which perpetrators can inject malicious code into sent messages, which could act as a sort of spyware or ransomware. A flaw that can cause a denial of service on an established call has also been patched. Another weakness let hackers gain access to previously sent messages on compromised devices, as well as edit senders' messages.

In keeping with its promise of transparency, and in response to community demand and its commitment to the public, WhatsApp has released a page as part of its website. On this page, users can learn about the latest attacks and warnings targeting the app. The page also includes a dashboard of the latest patches and software updates, with complete details on why each update was created. The dashboard will be updated every month, or much earlier depending on the criticality of the spotted vulnerability. It will also list known vulnerability reports and patches since 2018.

WhatsApp created this mitigation plan to preempt a repeat of last year's ruckus, in which Pegasus malicious code infected an estimated 1,400 devices and victimized hundreds of notable individuals, from journalists to human rights defenders.

WhatsApp encouraged everyone to use the centralized information dashboard to be more aware of, and better equipped against, perpetrators who would exploit the platform to harm its users. Aside from the Bug Bounty scheme, it is also encouraging users to report any possible vulnerability in the app through its community. WhatsApp also urged users to install the latest patch and software update as soon as they are available, as this will be their primary guard against any intrusion in which the app is used as the perpetrators' medium.
