CERT-In Warns of WhatsApp Flaws That Could Enable Cyber Attacks

India’s cybersecurity agency, the Indian Computer Emergency Response Team (CERT-In), has warned users about several security flaws in WhatsApp that could expose devices to cyber attacks.

According to the advisory, these vulnerabilities may allow attackers to gain unauthorised access to a user’s device or even compromise the entire system.

The risk comes from specially designed malicious files that can be sent through the app.

CERT-In said attackers can exploit these flaws by sending attachments that appear normal but contain hidden harmful code. Once such a file is opened, it may run malicious actions without the user realising it.

The agency explained that the vulnerabilities could let hackers spoof file types, execute arbitrary code, and bypass existing security protections.

In some cases, attackers may also trick the app into loading harmful content from external sources under their control.

These issues are linked to weaknesses in how WhatsApp handles certain files and messages. Improper validation of attachments and external media links creates an opportunity for cybercriminals to exploit the system.

The warning applies to multiple versions of WhatsApp across platforms, including Android, iOS, and Windows. Users running older or affected versions are considered vulnerable.

CERT-In has rated the severity of these vulnerabilities as “medium,” but noted that the impact could still be serious if exploited successfully.

Users are advised to stay cautious while opening unknown files or links and to update their apps to the latest version to reduce the risk of cyber attacks.

Keeping software updated is one of the most effective ways to stay protected from such vulnerabilities.

There have been instances in the past that application loopholes were used by scamsters to take undue advantage of users data.