WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices.

One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call.

The issue impacts the WhatsApp and WhatsApp Business for Android and iOS prior to versions


Also patched by the Meta-owned messaging platform is an integer underflow bug, which refers to an opposite category of errors that occur when the result of an operation is too small for storing the value within the allocated memory space.

The high-severity issue, given the CVE identifier CVE-2022-27492 (CVSS score: 7.8), affects WhatsApp for Android prior to versions and WhatsApp for iOS version, and could be triggered upon receiving a specially crafted video file.

Exploiting integer overflows and underflows are a stepping stone towards inducing undesirable behavior, causing unexpected crashes, memory corruption, and code execution.


WhatsApp did not share more specifics on the vulnerabilities, but cybersecurity firm Malwarebytes said that they reside in two components called Video Call Handler and Video File Handler, which could permit an attacker to seize control of the app.

Vulnerabilities on WhatsApp can be a lucrative attack vector for threat actors looking to plant malicious software on compromised devices. In 2019, an audio calling flaw was exploited by the Israeli spyware maker NSO Group to inject the Pegasus spyware.


Products You May Like

Articles You May Like

Number of landlords selling up rises by nearly 13% in four months
Here are the Best Romance Novels of 2022, According to the New York Times
Taylor Swift Fans Are Suing Ticketmaster Over Botched ‘Eras Tour’ Sale
‘Gone Girl’ Actress Lisa Banes’ Killer Gets One to Three Year Sentence
Russian Courts Targeted by New CryWiper Data Wiper Malware Posing as Ransomware

Leave a Reply

Your email address will not be published. Required fields are marked *