WhatsApp has published details of a “critical” vulnerability that it fixed in a newer version of the app, but which may still affect older, out-of-date versions. The details were disclosed in a September update of WhatsApp’s security advisories page, and then released on the 23rd of the same month. Let’s look at what it involves in detail.
WhatsApp: a “critical” vulnerability identified in older versions of the App
According to WhatsApp, the “critical” vulnerability would allow an attacker to exploit a coding error known as an integer overflow. This would effectively allow hackers to execute their code on a victim’s smartphone after sending a specially crafted video call, a technique attackers use quite often. Once identified, the vulnerability was assigned the identification number CVE-2022-36934 in the national database and a severity score of 9.8 out of 10 on the CVE scale, which equates to the highest possible, “critical” threat level.
In the same security advisory update, WhatsApp also shared the details of another vulnerability, CVE-2022-27492, which would allow attackers to execute code after sending a malicious video file. This vulnerability, on the other hand, was rated 7.8 out of 10, equal to a “high” severity level. What matters, however, is that both vulnerabilities have been fixed in the recently updated versions of WhatsApp, and they should already be resolved in any installation of the app that is set to update automatically. In any case, the security advisory indicates that the vulnerabilities concern:
- WhatsApp for Android before v2.22.16.12
- WhatsApp Business for Android before v2.22.16.12
- WhatsApp for iOS prior to v2.22.16.12
- WhatsApp Business for iOS prior to v2.22.16.12.
At this point, all you have to do is check whether your WhatsApp version is up to date, in order to avoid the aforementioned vulnerabilities.
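For anyone checking many devices rather than one, the version list above can be turned into an inventory audit. This is an added example, not code from WhatsApp or from the original article; the device ids and the sample versions are constructed, and the only values taken from the page are the four affected apps and the fixed version v2.22.16.12.

```python
import re

# Fixed version and affected apps, taken from the list above.
FIXED = (2, 22, 16, 12)
AFFECTED = {
    ("WhatsApp", "Android"), ("WhatsApp Business", "Android"),
    ("WhatsApp", "iOS"), ("WhatsApp Business", "iOS"),
}
_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)$")

def parse_version(text):
    """'v2.22.16.12' -> (2, 22, 16, 12); None if the string is malformed."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def _pad(parts, width):
    """Right-pad with zeros so '2.22.16' compares as 2.22.16.0."""
    return parts + (0,) * (width - len(parts))

def classify(app, platform, version):
    """Return 'not-applicable', 'unknown', 'vulnerable' or 'patched'."""
    if (app, platform) not in AFFECTED:
        return "not-applicable"
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"  # unparseable version: flag for manual review
    width = max(len(parsed), len(FIXED))
    # Compare numerically: as plain strings "2.22.9.78" sorts AFTER
    # "2.22.16.12", which would wrongly report an old build as patched.
    if _pad(parsed, width) < _pad(FIXED, width):
        return "vulnerable"
    return "patched"

def audit(inventory):
    """Map each device id to its status."""
    return {dev: classify(app, plat, ver) for dev, app, plat, ver in inventory}

# Constructed sample inventory (hypothetical device ids and versions).
SAMPLE_INVENTORY = [
    ("phone-01", "WhatsApp", "Android", "2.22.9.78"),
    ("phone-02", "WhatsApp Business", "iOS", "v2.22.16.12"),
    ("phone-03", "WhatsApp", "iOS", "2.22.16.11"),
    ("phone-04", "WhatsApp", "Android", "unknown-build"),
    ("laptop-05", "WhatsApp", "Windows", "2.2230.1"),
]

if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

Versions that cannot be parsed are reported as `unknown` rather than assumed safe, so they can be reviewed by hand.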