26 August 2020
WhatsApp has set up a dedicated page that will detail all security-related disclosures. The page is called WhatsApp Security Advisories which is a self-explanatory name for what it intends to do. It will essentially list all the vulnerabilities discovered and patched by the WhatsApp security team.
As of now, WhatsApp has listed a total of six vulnerabilities that have been fixed. It said that while five of these were patched the same day they were discovered, the remaining one was fixed in two days of time. Most importantly, the team did not find any evidence that these vulnerabilities were actively exploited by hackers.
In the official announcement, WhatsApp said:
"Due to the policies and practices of app stores, we cannot always list security advisories within app release notes. This advisory page provides a comprehensive list of WhatsApp security updates and associated Common Vulnerabilities and Exposures (CVE). Please note that the details included in CVE descriptions are meant to help researchers understand technical scenarios and does not imply users were impacted in this manner."
The advisory will be updated on a monthly basis but if there is an active attack going on, the team might choose to update it at the same time. It will act like a centralized place for accessing all vulnerability related issues of the application that will be helpful to security researchers.