Thursday, December 8

WhatsApp has a serious vulnerability in some versions | Digital Trends Spanish

Users of WhatsApp who have outdated versions of the messaging app should be alert, because a report indicates a serious security problem.

Details were revealed in a September update to the WhatsApp page on security notices affecting the application and came to light on September 23.

The critical bug would allow an attacker to exploit a code bug known as integer overflow, which would allow them to run their own code on a victim’s smartphone after sending a specially crafted video call. Remote code execution vulnerabilities are a key step in installing malware, spyware, or other malicious applications on a target system, as they give attackers a foot in the door that can be used to further compromise the machine using techniques such as privilege escalation attacks.

The newly disclosed vulnerability has been assigned the identification number CVE-2022-36934 in the National Vulnerability Database and has been given a severity score of 9.8 out of 10 on the CVE scale. This equates to the highest possible threat level: “critical”.

WhatsApp also shared details of another vulnerability, CVE-2022-27492, which would allow attackers to execute code after submitting a malicious video file. This vulnerability was rated 7.8 out of 10, or a severity level of “high”.

WhatsApp systems with security problems:

  • WhatsApp for Android before v2.22.16.12
  • WhatsApp Business for Android older than v2.22.16.12
  • WhatsApp for iOS before v2.22.16.12
  • WhatsApp Business for iOS older than version

Publisher Recommendations