• Home
  • Apps
  • Apps News
  • WhatsApp Reports 6 Previously Undisclosed Vulnerabilities on New Security Site

WhatsApp Reports 6 Previously Undisclosed Vulnerabilities on New Security Site

Of the six new vulnerabilities fixed by WhatsApp, four existed in WhatsApp for Android, with two being a part of its iPhone client.

WhatsApp Reports 6 Previously Undisclosed Vulnerabilities on New Security Site

WhatsApp has created its security advisory site to be more transparent towards fixing security issues

  • WhatsApp has created its new site to list all flaws under one roof
  • The messaging app has been in focus of hackers for quite some time
  • Facebook also announced its third-party vulnerability disclosure policy

WhatsApp has revealed six new vulnerabilities that were previously undisclosed and have now been fixed. The Facebook-owned company reported the vulnerabilities on its newly created security advisory webpage that will serve as a single destination to highlight all the security issues spotted and fixed on WhatsApp and reveal associated Common Vulnerabilities and Exposures (CVE). The new development by WhatsApp is aimed to help the technology community benefit from its latest security updates and be more transparent towards notifying users about the flaws and vulnerabilities fixed on the platform.

Of the six new vulnerabilities fixed by WhatsApp, four existed in WhatsApp for Android, with two being a part of its iPhone client, while the remaining two were specifically related to WhatsApp Desktop versions prior to v0.3.4932, as reported on the security advisory site. Two third of the new vulnerabilities were found internally — through code review or automated dynamic analysis — and one third were reported through the bug bounty programme conducted by Facebook.

WhatsApp will be able to continue the practice of revealing vulnerabilities through its newly created security advisory site. This will detail the security issues that the company isn't able to mention in the app release notes of the updates due to the policies and practices of app stores.

The growing presence of WhatsApp that already has over 200 crore users globally has brought it in the focus of hackers around the world. In some past instances, bad actors were able to exploit the app to manipulate messages of users and even snoop their phones. The WhatsApp team itself reported a dozen of security vulnerabilities that were fixed last year, as per the entries listed on the US National Vulnerability Database (NVD).

Thus, it makes sense for WhatsApp to have a dedicated security advisory site where it can list all the security issues under one roof. The arrival of the new site also suggests that the security team behind the world's most popular messaging app could focus more on identifying and patching flaws to resist past issues.

“We are very committed to transparency and this resource is intended to help the broader technology community benefit from the latest advances in our security efforts,” WhatsApp wrote on its security advisory site.

In addition to the new site, WhatsApp parent Facebook has announced its vulnerability disclosure policy that will allow the social media giant to publicly disclose the vulnerabilities it found in a third-party code after 21 days of its reporting.

“Facebook will contact the appropriate responsible party and inform them as quickly as reasonably possible of a security vulnerability we've found. We expect the third party to respond within 21 days to let us know how the issue is being mitigated to protect the impacted people. If we don't hear back within 21 days after reporting, Facebook reserves the right to disclose the vulnerability,” the company said in its advisory related to the new policy.

Companies including Google and Microsoft already have a similar mechanism in place for some time through which they report and disclose vulnerability in third-party offerings.

In 2020, will WhatsApp get the killer feature that every Indian is waiting for? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: WhatsApp security, WhatsApp, Facebook
Jagmeet Singh
Jagmeet Singh writes about consumer technology for Gadgets 360, out of New Delhi. Jagmeet is a principal correspondent for Gadgets 360, and has frequently written about apps, computer security, Internet services, and telecom developments. Jagmeet is available on Twitter at @JagmeetS13 or Email at jagmeets@ndtv.com. Please send in your leads and tips. More
World 'Not Yet Ready' for Embryo Gene-Editing, Say Experts
WhatsApp to Bring New Tones for Call Terminate and Group Calls, Expiring Messages Still in The Works
Share on Facebook Tweet Snapchat Share Reddit Comment



© Copyright Red Pixels Ventures Limited 2022. All rights reserved.