The Indian government has issued a critical security alert for WhatsApp users, warning of a vulnerability that could allow attackers to access Apple devices through malicious links.
Key Takeaways
- Indian CERT-In warns of critical WhatsApp security flaw affecting Apple devices.
- Vulnerability allows processing of content from arbitrary URLs.
- Update to latest WhatsApp versions immediately to protect your device.
WhatsApp Security Threat Explained
The security vulnerability specifically targets Apple users on both iPhones and Mac computers. According to the CERT-In security bulletin, “This vulnerability exists in WhatsApp due to incomplete validation of rich response messages. An attacker could exploit this flaw to trigger processing of content from an arbitrary URL on a victim’s device.”
WhatsApp has confirmed the security issue in its November update details, stating that incomplete validation in older versions could allow attackers to process media content from arbitrary URLs on another user’s device.
Despite the serious nature of this vulnerability, WhatsApp maintains that these security flaws have not been exploited in the wild, and the company has seen no evidence of active attacks.
Affected WhatsApp Versions
The following WhatsApp versions are vulnerable and require immediate updating:
- WhatsApp for iOS versions prior to 2.25.23.73
- WhatsApp Business for iOS versions prior to 2.25.23.82
- WhatsApp for Mac versions prior to 2.25.23.83
How to Update WhatsApp
To protect your device from this security threat, update WhatsApp immediately using these steps:
- Open WhatsApp and tap your profile picture in the top-right corner
- Scroll down and select ‘App Update’
- Check for available updates and install the latest version
Alternatively, you can visit the App Store directly to check your installed WhatsApp version and download the latest security update for your Apple device.
