WhatsApp has launched security updates to address two flaws in its messaging application for Android and iOS that could direct to remote code execution on susceptible devices.
1 of them problems CVE-2022-36934 (CVSS rating: 9.8), a critical integer overflow vulnerability in WhatsApp that benefits in the execution of arbitrary code simply just by setting up a video clip connect with.
The issue impacts the WhatsApp and WhatsApp Business enterprise for Android and iOS prior to variations 2.22.16.12.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
Also patched by the Meta-owned messaging platform is an integer underflow bug, which refers to an opposite group of errors that arise when the end result of an operation is far too modest for storing the price within the allotted memory place.
The substantial-severity issue, presented the CVE identifier CVE-2022-27492 (CVSS rating: 7.8), influences WhatsApp for Android prior to versions 2.22.16.2 and WhatsApp for iOS version 2.22.15.9, and could be induced on receiving a specifically crafted online video file.
Exploiting integer overflows and underflows are a stepping stone in direction of inducing unwanted behavior, producing unanticipated crashes, memory corruption, and code execution.
WhatsApp did not share much more specifics on the vulnerabilities, but cybersecurity business Malwarebytes mentioned that they reside in two elements named Movie Get in touch with Handler and Movie File Handler, which could permit an attacker to seize control of the app.
Vulnerabilities on WhatsApp can be a rewarding attack vector for menace actors on the lookout to plant destructive software package on compromised equipment. In 2019, an audio calling flaw was exploited by the Israeli spyware maker NSO Group to inject the Pegasus spy ware.
Discovered this post interesting? Follow THN on Fb, Twitter and LinkedIn to study far more special written content we article.
Some elements of this short article are sourced from:
thehackernews.com
Lazarus Group Targets MacOS Users Seeking Crypto Jobs