WhatsApp in 2019 disclosed 12 major vulnerabilities, which is considerably higher than the one or two security flaws it reported in the years past. All of these were major vulnerabilities recorded on the US National Vulnerability Database (NVD).
According to the NVD, out of the 12 major vulnerabilities, seven were classified as ‘critical’. Two of these vulnerabilities caused major issues, which include the hacking of Amazon CEO, Jeff Bezos’ smartphone and the alleged snooping of human rights activists and journalists in India via an Israeli spyware called Pegasus.
The first vulnerability was the CVE-2019-3568 bug which was marked as critical. It was discovered inside of the app’s VoIP (voice-over-Internet-protocol) stack, that allowed attackers to control and execute malicious code on smartphones remotely.
Then there was the CVE-2019-11933 vulnerability, which was a heap buffer overflow bug that impacted WhatsApp for Android prior to version 2.19.291. With it, attackers could execute malicious code or cause a denial of service.
One of the major security issues, which impacted WhatsApp largely in 2019 was the Pegasus spyware, which exploited the app’s video calling system. It also allegedly helped the governments hack into mobile devices of more than 100 people worldwide, which included journalists and human rights workers.
A recent checkpoint report, revealed a bug, which could have allowed attackers to crash WhatsApp by delivering a malicious group message. It could cause a crash loop, which would end in WhatsApp becoming unusable for the effected person.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines