Cert-In Warns of WhatsApp Security Flaw: What QA Teams Need to Know

Cert-In, a cybersecurity agency, issued a warning about significant security vulnerabilities in certain versions of WhatsApp on iPhone, Android, and Windows platforms, which could allow hackers to exploit attachment filename errors and AI-generated message checks to install malware via spoofed file types or malicious URLs. Despite being categorized as medium severity, the issue is critical due to WhatsApp's vast user base, prompting the company to release updates to resolve the flaws, which were initially discovered through its bug bounty program with no evidence of exploitation. The incident underscores the importance of rigorous security testing, including negative testing and platform consistency, during app development to prevent potential threats and maintain credibility. It highlights the necessity for QA teams to incorporate comprehensive security checks early in the development process, known as shift-left testing, to identify vulnerabilities before release and enhance overall reliability.