WhatsApp is found to have disclosed as many as 12 vulnerabilities in 2019, significantly higher than the one or two security flaws it reported in the past few years. The latest discovery comes hot on the heels of the alleged hacking of Amazon founder and CEO Jeff Bezos’ phone that was allegedly due to a WhatsApp loophole. The hacking, which was reported last week, raised eyebrows for the instant messaging app that was acquired by Facebook in February 2014. WhatsApp also last year faced a controversy in India when a vulnerability was used to allegedly enable snooping of human rights activists and journalists in the country through an Israeli spyware called Pegasus.
According to the entries available on the US National Vulnerability Database (NVD), WhatsApp reported 12 vulnerabilities last year. A total of seven vulnerabilities of the total count were classed as “critical”.
The list of vulnerabilities disclosed by WhatsApp include the CVE-2019-3568 bug that was marked critical and discovered within the VoIP (voice-over-Internet-protocol) stack of the app in May last year. It allowed hackers to remotely execute malicious code on smartphones.
Similarly, another critical flaw that was tracked by CVE-2019-11933 is a part of the US database. It was described as a heap buffer overflow bug and impacted WhatsApp for Android prior to version 2.19.291. It could enable attackers to execute malicious code or cause a denial of service.
The database entries were first reported by Financial Times. Gadgets 360 was, however, able to independently verify their existence on the NVD site.
Security issues impacted WhatsApp largely in 2019. Spyware Pegasus was spotted exploiting WhatsApp’s video calling system and allegedly helped governments hack into mobile devices of more than 100 people worldwide, including journalists and human rights workers. India was amongst the key markets for the spyware that was provided by Israeli surveillance company NSO and was allegedly used in May.
A report by Check Point last month also revealed a bug that could have allowed attackers to crash WhatsApp by delivering a malicious group message. The bug was discovered in August and had the potential to cause a crash loop.