Facebook to list all WhatsApp security issues on a new dedicated website

1156386758-gi.jpg_thump

Facebook will launch today a new web page where the company plans to list all the vulnerabilities that have been identified and patched in the WhatsApp instant messaging service.

The app maker regularly publishes WhatsApp release notes on the iOS and Google Play Store pages; however, these changelogs don’t go into detailed descriptions of the patched security bugs, most of which are described only as “security fixes.”

Facebook says this is “due to the policies and practices of app stores,” but hopes the new page will effectively work as a security-focused changelog for interested users.

Details that will be listed on Facebook’s new WhatsApp security advisories page will include a short description of the bug, and a Common Vulnerabilities and Exposures (CVE) identifier, where possible.

CVE numbers are meant for security researchers who want to track bugs, possible exploitation attempts in the real-world, or for security firms that want to issue security alerts to their own customers.

Facebook said that bugs listed on this page don’t necessarily mean they have been exploited in the wild. All the vulnerabilities listed on the site are bugs that have been recently patched, and the new page should stand as an example and warning to why users need to keep the WhatsApp app up-to-date at all times in order to prevent future attacks.

In addition, the new WhatsApp security advisories page will also list bugs patched in libraries used by the app.

If these bugs have a broader impact, outside of the WhatsApp app, then Facebook said it would also notify the developers of those libraries and mobile OS makers.

“We are very committed to transparency and this resource is intended to help the broader technology community benefit from the latest advances in our security efforts,” Facebook said today.

“We strongly encourage all users to ensure they keep their WhatsApp up-to-date from their respective app stores and update their mobile operating systems whenever updates are available.”

 

Source:-zdnet