WhatsApp has launched security updates to address two flaws in its messaging application for Android and iOS that could direct to remote code execution on susceptible devices.
1 of them problems CVE-2022-36934 (CVSS rating: 9.8), a critical integer overflow vulnerability in WhatsApp that benefits in the execution of arbitrary code simply just by setting up a video clip connect with.
The issue impacts the WhatsApp and WhatsApp Business enterprise for Android and iOS prior to variations 22.214.171.124.
Also patched by the Meta-owned messaging platform is an integer underflow bug, which refers to an opposite group of errors that arise when the end result of an operation is far too modest for storing the price within the allotted memory place.
The substantial-severity issue, presented the CVE identifier CVE-2022-27492 (CVSS rating: 7.8), influences WhatsApp for Android prior to versions 126.96.36.199 and WhatsApp for iOS version 188.8.131.52, and could be induced on receiving a specifically crafted online video file.
Exploiting integer overflows and underflows are a stepping stone in direction of inducing unwanted behavior, producing unanticipated crashes, memory corruption, and code execution.
WhatsApp did not share much more specifics on the vulnerabilities, but cybersecurity business Malwarebytes mentioned that they reside in two elements named Movie Get in touch with Handler and Movie File Handler, which could permit an attacker to seize control of the app.
Vulnerabilities on WhatsApp can be a rewarding attack vector for menace actors on the lookout to plant destructive software package on compromised equipment. In 2019, an audio calling flaw was exploited by the Israeli spyware maker NSO Group to inject the Pegasus spy ware.
Discovered this post interesting? Follow THN on Fb, Twitter and LinkedIn to study far more special written content we article.
Some elements of this short article are sourced from: