WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities

WhatsApp said both vulnerabilities were responsibly disclosed by unnamed researchers through the Meta bug bounty program.The company says there is no evidence of exploitation in the wild.Related:$1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own WithdrawalRelated:Researcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t PatchRelated:Vulnerability Allowed Scraping of 3.5 Billion WhatsApp AccountsRelated:WhatsApp Boosts Account Security for At-Risk Individuals

The company says there is no evidence of exploitation in the wild.Related:$1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own WithdrawalRelated:Researcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t PatchRelated:Vulnerability Allowed Scraping of 3.5 Billion WhatsApp AccountsRelated:WhatsApp Boosts Account Security for At-Risk Individuals

Related:$1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own WithdrawalRelated:Researcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t PatchRelated:Vulnerability Allowed Scraping of 3.5 Billion WhatsApp AccountsRelated:WhatsApp Boosts Account Security for At-Risk Individuals

Related:Researcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t PatchRelated:Vulnerability Allowed Scraping of 3.5 Billion WhatsApp AccountsRelated:WhatsApp Boosts Account Security for At-Risk Individuals

Related:Vulnerability Allowed Scraping of 3.5 Billion WhatsApp AccountsRelated:WhatsApp Boosts Account Security for At-Risk Individuals

Related:WhatsApp Boosts Account Security for At-Risk Individuals

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

In cyber-physical systems (CPS), just one hour of downtime can outweigh an entire annual security budget. Learn how to master the Return on Security Investment (ROSI) to align security goals with the bottom-line priorities.

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Jacki Monson has joined CVS Health as SVP, Deputy CISO.

Source: SecurityWeek