This week WhatsApp, Meta‘s messaging app, released an emergency update for both Android and iOS. This was due to the fact that they presented several flaws that could expose devices to being hacked remotely. Learn more details below.
A couple of bugs in WhatsApp were fixed by Meta
By the end of the month, WhatsApp had to solve 2 serious flaws that put vulnerable devices at risk, since they could be hacked remotely through an executable code, which, depending on the flaw, could be activated in different ways. The first flaw is described by The Hacker News as:
“One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call. The issue impacts WhatsApp and WhatsApp Business for Android and iOS prior to versions 126.96.36.199.”
The other vulnerability has a lower score: CVSS score: 7.8, being identified as CVE-2022-27492. This refers to “an opposite category of errors that occur when the result of an operation is too small for storing the value within the allocated memory space.” All you need is a very well-developed video file to be activated.
Exploiting integer overflows and underflows is going one step further to infect devices, causing unexpected problems, memory corruption, and allowing cybercriminals to execute external code. According to the Malwarebytes firm, both flaws could be achieved in two components called Video Call Handler and Video File Handler.
For its part, WhatsApp did not give details about the flaws or how they were solved. They only told The Hacker News the following: “We discovered [the flaws] ourselves and there was no evidence of exploitation.” Vulnerabilities in the Meta messaging app can be very harmful and, at the same time, very lucrative for hackers. All WhatsApp users are asked to update the app immediately to keep their devices safe.
Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Foto de Alexander Shatov en Unsplash.
Facebook: Eagle Tech Corp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp