Facebook-owned WhatsApp revealed six major issues through which you’re WhatsApp data may leak from the app. Through some malicious code, attackers can easily grab the image, data, and contacts through WhatsApp. WhatsApp also claimed that these issues are now fixed but there is no official information regarding that.
According to WhatsApp, the error is now identified and called CVE-2018-1894 can easily allow the execution of a particular code. This happened due to stack write overflow in your WhatsApp when it comes to Android is known as v2.20.35 and for iPhone as v2.20.30. This crucial issue was also in WhatsApp business apps.
There was also a URL validation issue on WhatsApp and WhatsApp for business as well. For Android was v2.20.11 and for WhatsApp
business for Android was v2.20.2.There was also an input validation issue on WhatsApp. This input validation issue can allow cross-site scripting while clicking on a link from a specific crafted location.
Buffer overflow in Android as v2.20.11 and for WhatsApp business v2.20.2 can easily allow an external or you can say out of bounds which acts as a video streaming after receiving an answer to that unwanted or malicious video call.
Security Advisory Website
All of the six vulnerabilities are reported on WhatsApp and to the security advisory website to protect your crucial data on WhatsApp. This website which is a security advisory website, especially for WhatsApp, will keep all the important records of all the security updates for WhatsApp and CVE that are Common vulnerabilities Exposures. This website is very helpful for all users because the maximum amount of data on user’s phones is important.
The main aim of this website (security advisory website) is to keep the data safe and secure. This website is very well at promoting WhatsApp as a transparent entity and very
well in helping security researchers to fetch the issue effectively and give a
solution. CVE Descriptions are helpful for researchers to protect the data
from unwanted users who are ready to grab your credential data.
WhatsApp said five of the issues were fixed on a single day but the remaining bugs took some time to resolve. Albeit a portion of the bugs could have been distantly set off, the organization said it found no proof of programmers effectively abusing the weaknesses.
Around 33% of the new weaknesses were accounted for through the organization’s Bug Bounty Program, while the others were found in routine code audits and by utilizing robotized frameworks, as would be normal.
The new site was dispatched as a feature of the organization’s endeavors to be more straightforward about weaknesses focusing on the informing application and in light of client criticism. The organization says the WhatsApp people group has been requesting a unified area for the following security weaknesses, as WhatsApp isn’t generally ready to detail its security warnings in an application’s delivery notes due to application store arrangements.
