India’s main cyber security agency, Cert, has asked users to update WhatsApp on their phones after the discovery of a potential vulnerability on older versions of the messaging app.
The potential issue could have been triggered by a video file sent from an unknown number.WhatsApp said that it had no reason to believe users’ phones were affected.
News of the new issue came soon after WhatsApp admitted that its software was used to install spyware on phones.
Facebook, which owns WhatsApp, had announced the fix for the new vulnerability in the system a few days ago.
Cert said that if users opened the video file, the software installed itself on the phone – in similar fashion to the Pegasus malware, which is believed to have been used against journalists and activists.
The agency added that the vulnerability would have allowed attackers to access phones and make changes to the device, no matter where it was geographically located.
The issue would have required requires users to open the video file, unlike the more sophisticated Pegasus which activated itself through a vulnerability in WhatsApp’s video calling function and did not require the call to be answered.