The Cybersecurity Daily News

Critical WhatsApp bugs might have enabled remote device hacking by attackers.


WhatsApp has released security updates that fix two bugs in its Android and iOS apps that might allow remote code execution on vulnerable devices.

One of these is CVE-2022-36934 (CVSS score: 9.8), a serious integer overflow vulnerability in WhatsApp. It allows arbitrary code to be executed merely by starting a video conversation.

The problem affects WhatsApp and WhatsApp Business for Android and iOS prior to version 2.22.16.12.

The Meta-owned messaging service also fixed an integer underflow bug, the opposite category of error, which happens when the result of an operation is too small to be stored within the allocated memory space.

It affects WhatsApp for Android before version 2.22.16.2 and WhatsApp for iOS prior to version 2.22.15.9. The vulnerability has the CVE identifier CVE-2022-27492 (CVSS score: 7.8). It could be triggered by receiving a specially constructed video file.

Exploiting integer overflows and underflows is a first step toward causing undesirable behavior, such as unexpected crashes, memory corruption, and code execution.
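The two bug classes described above, as an added C example that is not WhatsApp's code (the details of the flaws were withheld): the header size, function names and sample values are hypothetical. It shows an unchecked length subtraction and an unchecked size multiplication wrapping around, beside checked versions that reject the same input.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 8u /* hypothetical fixed header size, in bytes */

/* Underflow: for total_len < HDR_LEN the unsigned subtraction wraps
 * around to a value close to UINT32_MAX instead of going negative. */
static uint32_t payload_len_unchecked(uint32_t total_len) {
    return total_len - HDR_LEN;
}

/* Overflow: the product is truncated to 32 bits, so large dimensions
 * yield a size far smaller than the frame really needs. */
static uint32_t frame_bytes_unchecked(uint32_t w, uint32_t h, uint32_t bpp) {
    return w * h * bpp;
}

/* Hardened: reject the input before the subtraction can wrap. */
static bool payload_len_checked(uint32_t total_len, uint32_t *out) {
    if (total_len < HDR_LEN) return false;
    *out = total_len - HDR_LEN;
    return true;
}

/* Hardened: multiply only when the result fits in 32 bits. */
static bool mul_u32(uint32_t a, uint32_t b, uint32_t *out) {
    if (a != 0 && b > UINT32_MAX / a) return false;
    *out = a * b;
    return true;
}

static bool frame_bytes_checked(uint32_t w, uint32_t h, uint32_t bpp, uint32_t *out) {
    uint32_t pixels;
    return mul_u32(w, h, &pixels) && mul_u32(pixels, bpp, out);
}

int main(void) {
    uint32_t n = 0;
    /* Constructed sample values, chosen to hit the wraparound cases. */
    printf("unchecked payload(4): %u\n", (unsigned)payload_len_unchecked(4));
    printf("unchecked frame:      %u\n", (unsigned)frame_bytes_unchecked(65536, 65536, 4));
    printf("checked payload(4) accepted: %d\n", payload_len_checked(4, &n));
    printf("checked frame accepted:      %d\n", frame_bytes_checked(65536, 65536, 4, &n));
    bool ok = frame_bytes_checked(640, 480, 4, &n);
    printf("checked 640x480x4 accepted:  %d (%u bytes)\n", ok, (unsigned)n);
    return 0;
}
```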

WhatsApp withheld further information about the flaws, but cybersecurity company Malwarebytes said that they are present in two components known as Video Call Handler and Video File Handler, and that they might allow an attacker to take over the app.

Threat actors trying to install malicious software on compromised devices may find WhatsApp vulnerabilities to be a lucrative attack vector. The Israeli spyware manufacturer NSO Group used an audio calling weakness in 2019 to inject the Pegasus spyware.
