The “critical” vulnerability was addressed in a more recent version of WhatsApp, but earlier installations that have not been updated may still be affected, according to information given by WhatsApp.
The details were made public on September 23 in the September update to WhatsApp’s page of security advisories affecting the service.
September Update:
CVE-2022-36934
An integer overflow in WhatsApp for Android prior to v2.22.16.12, Business for Android prior to v2.22.16.12, iOS prior to v2.22.16.12, Business for iOS prior to v2.22.16.12 could result in remote code execution in an established video call.
CVE-2022-27492
An integer underflow in WhatsApp for Android prior to v2.22.16.2, WhatsApp for iOS v2.22.15.9 could have caused remote code execution when receiving a crafted video file.
The critical flaw would enable an attacker to place a specially crafted video call to a victim and then run their own code on the victim’s smartphone by taking advantage of a programming issue known as an integer overflow. Remote code execution vulnerabilities are used to install malware, spyware, or other malicious software on a target system, because they give attackers an entry point that they can exploit to compromise the system further.
The newly discovered vulnerability is tracked as CVE-2022-36934 in the National Vulnerability Database and has received a severity rating of 9.8 on the CVSS scale. This is equivalent to “critical,” the highest severity level.
In the same security advisory update, WhatsApp also provided information on another vulnerability, CVE-2022-27492, which would enable attackers to run code after transmitting a malicious video file. This vulnerability received a severity rating of “severe,” or 7.8 out of 10.
Both of these flaws have been patched in recent updates of WhatsApp, so any installation of the application that is configured to update automatically (the default setting on most phones) should already be patched. The security alert states that the following are affected by the vulnerabilities:
- WhatsApp for Android prior to v2.22.16.12
- WhatsApp Business for Android prior to v2.22.16.12
- WhatsApp for iOS prior to v2.22.16.12
- WhatsApp Business for iOS prior to v2.22.16.12
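As an added example (not WhatsApp's code or tooling), the fixed-version thresholds quoted above can be applied to a device inventory. The inventory rows are constructed, and the iOS entry for CVE-2022-27492 is assumed to mean "prior to v2.22.15.9"; versions are compared numerically per component, because a plain string comparison would rank 2.22.16.2 above 2.22.16.12.

```python
# Added example: flag WhatsApp installs that predate the fixed versions on this page.
# The inventory rows and the app/platform labels are constructed for illustration.

# Fixed-version thresholds as stated in the advisory text quoted on this page.
# Key: (app, platform) -> {CVE id: first fixed version}
FIXED = {
    ("WhatsApp", "Android"): {"CVE-2022-36934": "2.22.16.12", "CVE-2022-27492": "2.22.16.2"},
    ("WhatsApp Business", "Android"): {"CVE-2022-36934": "2.22.16.12"},
    # Assumption: the iOS entry for CVE-2022-27492 is read as "prior to v2.22.15.9".
    ("WhatsApp", "iOS"): {"CVE-2022-36934": "2.22.16.12", "CVE-2022-27492": "2.22.15.9"},
    ("WhatsApp Business", "iOS"): {"CVE-2022-36934": "2.22.16.12"},
}


def parse_version(text):
    """Turn 'v2.22.16.12' into (2, 22, 16, 12) so components compare numerically."""
    parts = text.strip().lstrip("vV").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def exposed_cves(app, platform, installed):
    """Return the sorted CVE ids whose fix is newer than the installed version."""
    have = parse_version(installed)
    fixes = FIXED.get((app, platform), {})
    return sorted(cve for cve, fixed in fixes.items() if have < parse_version(fixed))


# Constructed inventory rows: (device, app, platform, installed version).
INVENTORY = [
    ("phone-01", "WhatsApp", "Android", "2.22.16.2"),
    ("phone-02", "WhatsApp", "Android", "2.22.16.12"),
    ("phone-03", "WhatsApp", "iOS", "2.22.15.8"),
    ("phone-04", "WhatsApp Business", "iOS", "v2.22.9.78"),
]


def report(rows):
    """Map each device to the CVEs it is still exposed to (empty list = patched)."""
    return {dev: exposed_cves(app, plat, ver) for dev, app, plat, ver in rows}


if __name__ == "__main__":
    for device, cves in report(INVENTORY).items():
        print(device, "NEEDS UPDATE: " + ", ".join(cves) if cves else "ok")
```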
Besides protecting against possible hacking exploits, there are more reasons to keep your WhatsApp installation updated. On Monday, the company announced that it was rolling out a new feature that will let users share a one-click link to join a group call and that it was also testing the implementation of 32-person encrypted video chats.
The bug, which has been patched in newer versions of the app, would let an attacker execute malicious code after sending a specially crafted video call.