In a current version of the programme, WhatsApp, Meta’s instant messaging and phone service, has patched a critical vulnerability, although previously installed versions of the software that have not been updated may still be affected.
On September 23, information about the vulnerability was made public in an update to WhatsApp’s website on security warnings impacting the service.
“An integer overflow in WhatsApp for Android before v2.22.16.12, Business for Android before v2.22.16.12, iOS before v2.22.16.12, and Business for iOS before v2.22.16.12 could result in remote code execution in an established video call,” according to a detailed issue shared by WhatsApp in the update regarding vulnerability CVE-2022-36934.
The problem would allow an attacker to take advantage of an integer overflow, after which they could access a victim’s smartphone through a carefully made video call and run their code.
On the CVE scale, this vulnerability gets a severity rating of 9.8 out of 10.
WhatsApp also addressed another issue, CVE-2022-27492, in the same security advisory update. The social media company claims that when receiving a specially designed video file, “An integer underflow in WhatsApp for Android before v2.22.16.2, WhatsApp for iOS v2.22.15.9 could have caused remote code execution when receiving a crafted video file.”
Having said that, a malicious video file could be used by attackers to execute the code on the victim’s smartphone due to a flaw. The weakness received 7.8 out of 10 ratings.
Here’s what you can do:
Update the app to the most recent version. Users who are still using an outdated version of the software must do so right away.
(With inputs from Agencies)
