WhatsApp has revealed six new vulnerabilities that have been fixed, on its newly created security advisory webpage that will serve as a single destination to highlight all the security issues spotted and fixed on WhatsApp and associated Common Vulnerabilities and Exposures (CVE).
According to a report by TechCrunch, WhatsApp has said that five of the six vulnerabilities were fixed on the same day, while it took a couple of days to fix the remaining bugs. The company has said that they have not found any evidence of any hacker exploiting the vulnerabilities.
The report added that while one-third of the vulnerabilities were reported through the company's Bug Bounty Program, the others were discovered during routine code reviews and by using automated systems.
According to the security website, of the six new vulnerabilities fixed by WhatsApp, four existed in WhatsApp for Android, of which two were a part of the iPhone platform. The remaining two were specifically related to WhatsApp Desktop versions before v0.3.4932.
According to Whatsapp, while they cannot list security advisories within app release notes due to policies and practices of the app store, the advisory page provides a comprehensive list of WhatsApp security updates and associated Common Vulnerabilities and Exposures (CVE).
WhatsApp said that the details included in CVE descriptions are meant to help researchers understand technical scenarios and does not mean that users were impacted in this manner.
source https://www.firstpost.com/tech/news-analysis/whatsapp-reports-six-previously-undisclosed-vulnerabilities-on-new-security-advisory-page-8787131.html