Cybercriminals can attack iOS WhatsApp users via Apple's Siri, CERT-In says

Updating the app's software to the latest one could help mitigate the vulnerabilities, MeitY recommended.   | Photo Credit: Reuters

(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)

Cybercriminals can exploit WhatsApp users through Apple's voice command feature Siri due to glitches in the app.

Multiple vulnerabilities in WhatsApp and WhatsApp Business for iOS could allow a remote attacker to bypass security restrictions or execute arbitrary code on the user's system, the Indian Computer Emergency Response Team (CERT-In) said in a statement.

The CERT-In falls under the Ministry of Electronics and Information Technology (MeitY).

The team spotted a glitch in the Screen Lock feature in both apps. An attacker could exploit this vulnerability by using Apple's Siri feature to communicate even after the phone is locked.

Also read | Hackers can exploit Zoom users by noticing shoulder movements, report says

The team also noted a vulnerability in the app's logging library. This could enable a cybercriminal to send specially crafted animated sticker to the target user while placing WhatsApp video call on hold. This could result in phone memory corruption, denial-of-service conditions, and execution of remote code.

Updating the app's software to the latest one could help mitigate the vulnerabilities, CERT-In recommended.

Earlier in September, the nodal agency governing cyberattacks had issued warnings against security glitches in WhatsApp in multiple devices including Android, iPhone, and desktop versions.

These vulnerabilities could allow attackers to execute remote code, and perform cross-site scripting which involves inputting a malicious script into a user's web browser, the team said.

Our code of editorial values

Related Topics
This article is closed for comments.
Please Email the Editor

Printable version | Aug 5, 2021 12:10:57 AM |

Next Story