WhatsApp has launched a security advisory website where the company will publish the app’s security updates and vulnerabilities. With the launch of the website, WhatsApp has revealed six vulnerabilities that were discovered in the app this year.
These are Common Vulnerabilities and Exposures (CVE) entries affecting the WhatsApp app on Android, iOS and desktop, as well as the WhatsApp Business app. There’s also an archive section where users can find older vulnerabilities in WhatsApp. All of these security bugs have been fixed; WhatsApp will only disclose vulnerabilities once they’ve been patched.
The vulnerabilities disclosed include one in WhatsApp Business for Android that could have allowed hackers to remotely load an image through a sticker. Another could have allowed an out-of-bounds write in the app if a user answered a malicious video call.
The website lets WhatsApp disclose vulnerabilities that the company cannot always detail in app release notes because of certain restrictions on app stores. WhatsApp said it works with leading security firms to conduct reviews of the app’s security practices. As for external researchers, WhatsApp engages with them through the Facebook Bug Bounty Program. Among the new vulnerabilities, around one-third were identified through the bug bounty program, TechCrunch reported.
Of the six vulnerabilities discovered this year, WhatsApp said it fixed five on the same day, the report added. Only one took the company a few days to fix. WhatsApp also said that none of these security bugs were exploited by hackers. The website will be updated on a monthly basis, but it may be updated sooner if there’s an active attack.