One of these involves WhatsApp’s serious integer overflow vulnerability CVE-2022-36934 (CVSS score: 9.8). This allows arbitrary code to be executed only by starting a video conversation.
Prior to version 22.214.171.124, the problem affects WhatsApp and WhatsApp Business for Android and iOS.
An integer underflow bug is the opposite category of errors that happens when the outcome of an operation is too tiny for storing the value within the allocated memory space. This was also fixed by the Meta-owned messaging system.
It affects WhatsApp for Android before version 126.96.36.199 and WhatsApp for iOS prior to version 188.8.131.52. The vulnerability has the CVE identifier CVE-2022-27492 (CVSS score: 7.8). It could be activated by receiving a specially constructed video file.
More information about the flaws was withheld by WhatsApp. But cybersecurity company Malwarebytes said that they are present in two parts known as Video Call Handler and Video File Handler. They might allow an attacker to take over the programme.
When trying to install malicious software on infected devices, threat actors may find WhatsApp vulnerabilities to be a lucrative attack vector. The Israeli spyware manufacturer NSO Group used an audio calling weakness in 2019 to insert the Pegasus spyware.