WhatsApp committed to more transparency about their app’s problems, so they released a designated advisory page that aims to keep the users better informed of security flaws.
The Site And Past Issues
WhatsApp has fixed six previously hidden vulnerabilities in the app and revealed the fixes on the same advisory site, which is meant to keep its over 2 million users aware of present bugs and up to date on the latest security features.
The site is the result of WhatsApp’s attempt to be more transparent about the platform’s vulnerabilities, not only to regular users but also to security engineers and programmers alike, so that they can fix all vulnerabilities fast and not repeat the same mistakes ever again.
An official statement from the company reads:
“We are very committed to transparency, and this resource is intended to help the broader technology community benefit from the latest advances in our security efforts.”
Here are the two most important bugs that were patched:
CVE-2020-1890 – a URL-validation problem in Android versions of the app and its business counterpart that caused the recipient of a sticker message to receive malformed data.
CVE-2019-11928 – an input-validation issue in some WhatsApp Desktop versions that allowed cross-site scripting if a user clicked on a link from a designated, altered live location message.
WhatsApp pledged to continue disclosing and patching the bugs “as quickly as possible,” showing that five of the six bugs were patched hours after being discovered.
According to the company, the last issue took a bit more time to fix – a few days.
Some bugs were discovered through Facebook’s bug-bounty program, which also covers WhatsApp.
Other bugs were discovered during code review sessions or by cybersecurity staff or automated system reports.