WhatsApp security flaws: Facebook’s instant messaging platform WhatsApp recently revealed six vulnerabilities that it had previously kept undisclosed. These vulnerabilities have now been fixed. The messaging platform said that out of the six vulnerabilities, five were fixed in the same day, while the last one was fixed in a few days. The company added that while some bugs could have been triggered remotely, WhatsApp claimed it had not found any evidence of active exploitation of these vulnerabilities by the hackers.
While a third of the new vulnerabilities in WhatsApp came to the company’s notice via its Bug Bounty Program, routine code reviews and automated systems helped in identifying the other bugs.
Instagram wants you to actively explore Reels; adds dedicated tab for users in India
Compaq makes comeback: Deep dive into iconic computer brand's "100% made in India" smart televisions
WhatsApp mulling several new features for iPhone users; here's everything that is coming
The platform is among the most popular and widely-used apps across the world, having a user base that breaches the 200-crore mark. However, that also means that it is one of the biggest targets for hackers, who are constantly on the lookout for vulnerabilities that they can exploit.
The vulnerabilities were reported on a dedicated website set up by WhatsApp for security advisory, and the website aims to provide a list of security updates from WhatsApp and the common vulnerabilities and exposures (CVE) associated with them.
The launch of the website was a part of WhatsApp’s efforts to be more transparent about bugs and vulnerabilities that targeted it, and it was also in response to user feedback. WhatsApp said that the community had been asking for a platform to track the security vulnerabilities, since the company wasn’t always able to detail the security advisories in its app’s release notes.
As per the company, this dashboard would be updated once a month, unless it was under an active attack that the users needed to be informed about immediately. The dashboard would also consist of CVE archives dating back to 2018.