WhatsApp has launched security updates to address two flaws in its messaging application for Android and iOS that could direct to remote code execution on susceptible devices.
1 of them problems CVE-2022-36934 (CVSS rating: 9.8), a critical integer overflow vulnerability in WhatsApp that benefits in the execution of arbitrary code simply just by setting up a video clip connect with.
The issue impacts the WhatsApp and WhatsApp Business enterprise for Android and iOS prior to variations 2.22.16.12.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
Also patched by the Meta-owned messaging platform is an integer underflow bug, which refers to an opposite group of errors that arise when the end result of an operation is far too modest for storing the price within the allotted memory place.
The substantial-severity issue, presented the CVE identifier CVE-2022-27492 (CVSS rating: 7.8), influences WhatsApp for Android prior to versions 2.22.16.2 and WhatsApp for iOS version 2.22.15.9, and could be induced on receiving a specifically crafted online video file.
Exploiting integer overflows and underflows are a stepping stone in direction of inducing unwanted behavior, producing unanticipated crashes, memory corruption, and code execution.
WhatsApp did not share much more specifics on the vulnerabilities, but cybersecurity business Malwarebytes mentioned that they reside in two elements named Movie Get in touch with Handler and Movie File Handler, which could permit an attacker to seize control of the app.
Vulnerabilities on WhatsApp can be a rewarding attack vector for menace actors on the lookout to plant destructive software package on compromised equipment. In 2019, an audio calling flaw was exploited by the Israeli spyware maker NSO Group to inject the Pegasus spy ware.
Discovered this post interesting? Follow THN on Fb, Twitter and LinkedIn to study far more special written content we article.
Some elements of this short article are sourced from:
thehackernews.com
Lazarus Group Targets MacOS Users Seeking Crypto Jobs