WhatsApp is determined to have revealed as many as 12 vulnerabilities in 2019, significantly more crucial than the one or two security defects it proclaimed in the past few years. The latest development gets hot on the heels of the claimed hacking of Amazon CEO Jeff Bezos’ Smartphone that was purportedly due to a WhatsApp loophole.
The hacking, which was reported last week, raised eyebrows for the instant messaging app that was acquired by Facebook in February 2014. WhatsApp also last year faced a controversy in India when a vulnerability was used to allegedly enable snooping of human rights activists and journalists in the country through Israeli spyware called Pegasus.
According to the records accessible on the US National Vulnerability Database (NVD), WhatsApp published 12 vulnerabilities last year. A whole of seven vulnerabilities of the total count was classed as dangerous.
The list of vulnerabilities disclosed by WhatsApp includes the CVE-2019-3568 bug that was marked critical and discovered within the VoIP (voice-over-Internet-protocol) stack of the app in May last year. It allowed hackers to remotely execute malicious code on smartphones.
Similarly, another critical flaw that was tracked by CVE-2019-11933 is a part of the US database. It was described as a heap buffer overflow bug and impacted WhatsApp for Android prior to version 2.19.291. It could permit intruders to perform malicious code or cause a DoS.
Security issues impacted WhatsApp largely in 2019. Spyware Pegasus was spotted exploiting WhatsApp’s video calling system and allegedly helped governments hack into mobile devices of more than 100 people worldwide, including journalists and human rights workers. India was amongst the essential businesses for the spyware that was rendered by Israeli surveillance organization NSO and was supposedly used in May.
An article by Check Point last month also reported a virus that could have enabled attackers to crash WhatsApp by delivering a malicious group message. The virus was identified in August and had the potential to create a crash loop.