RCE Bugs in WhatsApp, Other Hugely Popular VoIP Apps: Patch Now!
WhatsApp and BlueJeans are just two of the world's most popular communication apps that are using an open-source library riddled with newfound security holes.
On Monday, devops platform provider JFrog Security disclosed five memory-corruption vulnerabilities in PJSIP, which supplies an API that can be used by IP telephony applications such as voice-over-IP phones and conference apps.
In its technical breakdown, JFrog researchers explained that the PJSIP framework offers a library named PJSUA that supplies an API for SIP applications.
"The basic PJSUA APIs are also wrapped by object-oriented APIs. PJSUA offers a rich Media Manipulation API, where we have spotted the [five] vulnerabilities," they said.
Three of the flaws are stack overflow vulnerabilities that can lead to RCE; they are rated 8.1 on the CVSS severity-rating scale.
"If exploited, such vulnerabilities would have let attackers crash apps using the implementation, by merely placing a video call," noted Ronen Slavin, then head of research at Reason Cybersecurity and currently the co-founder and CTO at the source code control, detection, and response platform Cycode, back in 2019.
News URL
https://threatpost.com/rce-bugs-whatsapp-popular-voip-apps-patch-now/178719/