CERT-In has put the severity of the threat on WhatsApp as "high".
New Delhi: The government's nodal cyber security agency to combat hacking, phishing and to fortify security-related defences online has warned of a "vulnerability" on WhatsApp that could be spread by an MP4 file. The advisory comes weeks after a global snooping scandal on the messaging platform came to light.
"A vulnerability has been reported in WhatsApp which could be exploited by a remote attacker to execute arbitrary code on the target system," an advisory by the Computer Emergency Response Team-India (CERT-In) said.
The agency has put the severity of the threat as "high".
CERT-In's advisory suggested "upgrading" to the latest version of WhatsApp to combat or tide over the problem.
"A stack-based buffer overflow vulnerability exists in WhatsApp due to improper parsing of elementary stream metadata of an MP4 file. A remote attacker could exploit this vulnerability by sending a specially crafted MP4 file to the target system," CERT-In said.
Earlier this month, WhatsApp revealed that more than 120 journalists and activists in India have been the target of surveillance by operators using the Israeli spyware Pegasus.
WhatsApp's parent company Facebook, which claimed the snooping took place in April ahead of the national election, has sued NSO, the Israeli firm that made the software. The social media giant claimed that Pegasus was used to target users not just in India, but across 20 nations.
WhatsApp had said that it had informed Indian authorities in May about the privacy and that it worked quickly to resolve it.
Government sources, however, denied the claims, saying WhatsApp only informed them about the vulnerability of their app in "technical jargon" in May and that the company made no mention of Pegasus spyware and Indian users being targeted.
In the last week of September, WhatsApp had given a second alert to Indian authorities, saying 121 Indians were targets of the Israeli spyware, as first reported by the Indian Express and confirmed by sources to NDTV.