WhatsApp is discovered to have disclosed as many as 12 vulnerabilities in 2019, considerably larger than the one or two safety flaws it reported up to now few years. The most recent discovery comes sizzling on the heels of the alleged hacking of Amazon founder and CEO Jeff Bezos’ telephone that was allegedly because of a WhatsApp loophole. The hacking, which was reported final week, raised eyebrows for the immediate messaging app that was acquired by Fb in February 2014. WhatsApp additionally final yr confronted an argument in India when a vulnerability was used to allegedly allow snooping of human rights activists and journalists within the nation via an Israeli spyware and adware referred to as Pegasus.
In accordance with the entries out there on the US Nationwide Vulnerability Database (NVD), WhatsApp reported 12 vulnerabilities final yr. A complete of seven vulnerabilities of the entire depend had been classed as “crucial”.
The checklist of vulnerabilities disclosed by WhatsApp embrace the CVE-2019-3568 bug that was marked crucial and found inside the VoIP (voice-over-Web-protocol) stack of the app in Might final yr. It allowed hackers to remotely execute malicious code on smartphones.
Equally, one other crucial flaw that was tracked by CVE-2019-11933 is part of the US database. It was described as a heap buffer overflow bug and impacted WhatsApp for Android previous to model 2.19.291. It may allow attackers to execute malicious code or trigger a denial of service.
Safety points impacted WhatsApp largely in 2019. Spy ware Pegasus was noticed exploiting WhatsApp’s video calling system and allegedly helped governments hack into cellular gadgets of greater than 100 individuals worldwide, together with journalists and human rights staff. India was amongst the important thing markets for the spyware and adware that was supplied by Israeli surveillance firm NSO and was allegedly utilized in Might.
A report by Test Level final month additionally revealed a bug that would have allowed attackers to crash WhatsApp by delivering a malicious group message. The bug was found in August and had the potential to trigger a crash loop.