WhatsApp has launched safety updates to deal with two flaws in its messaging app for Android and iOS that would result in distant code execution on weak units.
One among them considerations CVE-2022-36934 (CVSS rating: 9.8), a important integer overflow vulnerability in WhatsApp that leads to the execution of arbitrary code just by establishing a video name.
The problem impacts the WhatsApp and WhatsApp Enterprise for Android and iOS previous to variations 2.22.16.12.
Additionally patched by the Meta-owned messaging platform is an integer underflow bug, which refers to an reverse class of errors that happen when the results of an operation is just too small for storing the worth throughout the allotted reminiscence house.
The high-severity problem, given the CVE identifier CVE-2022-27492 (CVSS rating: 7.8), impacts WhatsApp for Android previous to variations 2.22.16.2 and WhatsApp for iOS model 2.22.15.9, and might be triggered upon receiving a specifically crafted video file.
Exploiting integer overflows and underflows are a stepping stone in the direction of inducing undesirable habits, inflicting sudden crashes, reminiscence corruption, and code execution.
WhatsApp didn’t share extra specifics on the vulnerabilities, however cybersecurity agency Malwarebytes stated that they reside in two parts known as Video Name Handler and Video File Handler, which might allow an attacker to grab management of the app.
Vulnerabilities on WhatsApp generally is a profitable assault vector for risk actors seeking to plant malicious software program on compromised units. In 2019, an audio calling flaw was exploited by the Israeli spy ware maker NSO Group to inject the Pegasus spy ware.
