The Indian Computer Emergency Response Team (CERT-In) on Tuesday released notes for multiple security bugs in WhatsApp which could be exploited by remote attackers to execute arbitrary code on affected versions of the software.
(For insights on emerging themes at the intersection of technology, business and policy, subscribe to our tech newsletter Today’s Cache.)
Attackers could exploit these security bugs to execute remote code during an established video call, or send a maliciously crafted video file to targeted systems.
Successful exploitation of these bugs could allow attackers to run malicious code on affected devices, thereby compromising their security.
CERT-In in its vulnerability notes placed the security bugs in the high severity rating and shared that the bugs in WhatsApp were found to exist due to integer overflow.
Integer overflow in a computer programme occurs when an arithmetic operation attempts to create a value which might be either higher or lower than the range that can be represented numerically within the bounds of the programme.
The security bugs were found to affect both business and normal versions of WhatsApp, on Android as well as iOS.
WhatsApp regularly releases updates fixing security bugs and introducing new features.
Earlier this week, Meta CEO Mark Zuckerberg had announced that WhatsApp will be rolling out support for “call links” and increasing the number of participants in a group video call.