WhatsApp patches major security bug that put your data at risk

WhatsApp in its latest advisory informs of two remote code execution critical vulnerabilities that could user data of those using older app versions at risk. The chat company has patched the “critical” security vulnerability that could allow malicious minds to remotely install malware on a victim’s smartphone via a crafted video file.

WhatsApp identifies one of the flaws as CVE-2022-36934 describing it as an integer overflow issue that affects WhatsApp for Android prior to 2.22.16.12, Business for Android prior to 2.22.16.12, iOS prior to 2.22.16.12, and Business for iOS prior to 2.22.16.12. WhatsApp says that this bug could “result in remote code execution in an established video call.”

The second flaw, tracked as CVE-2022-27492, is an integer underflow that can be used by hackers to plant a remote code in victim’s phone by sending a specially designed video file to them. WhatsApp has fixed these vulnerabilities for both Android and iOS by releasing the 2.22.16.2 and 2.22.15.9 app versions, respectively. NVD rates this as higher severity with 7.8 score.

WhatsApp has published three advisories this year by now. The first was released in January followed by second in February. In its January update, the chat app revealed of a software vulnerability for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, and WhatsApp Desktop prior to v2.2146 if a user makes a 1:1 call to a malicious actor. The NVD base score for this vulnerability is 9.8 critical.

The February advisory informs about “missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call.”

M	T	W	T	F	S	S
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30

WhatsApp patches major security bug that put your data at risk

More in Telecom

Gemini AI rolls out in Google Messages

Telecom Egypt, 4iG sign MoU for fibre broadband in Egypt

Spectrum auction: DoT to issue demand note to telcos this week for payment

Must Read Articles

Budget 2022

HCLTech, Cisco launch pervasive wireless mobility service for enterprises

NTIPRIT, Ghaziabad conducts workshop on “Global Standards & IPR” on World Telecommunication and Information Society Day

Infosys announces multi-year collaboration with Australian telecom giant

M&E stakeholders urge TRAI to exclude OTT, online gaming and music from Broadcasting policy

17 firms under IT hardware PLI to start production this year: IT secy

Indian IT companies become more conservative in FY25 growth projections

TCS chairman N Chandrasekaran says GenAI to create impact not seen or imagined

Software services, BPO/ITeS among top industries hiring entry level staff in India: Report

TRAI move on new broadcasting policy to make India a global content hub: BIF

Subscribe

Archives

You may also like

More in Telecom

Must Read Articles

Subscribe

Archives