Security News > 2022 > September > Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely
One of them concerns CVE-2022-36934, a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call.
The issue impacts the WhatsApp and WhatsApp Business for Android and iOS prior to versions 2.22.16.12.
Exploiting integer overflows and underflows are a stepping stone towards inducing undesirable behavior, causing unexpected crashes, memory corruption, and code execution.
WhatsApp did not share more specifics on the vulnerabilities, but cybersecurity firm Malwarebytes said that they reside in two components called Video Call Handler and Video File Handler, which could permit an attacker to seize control of the app.
Vulnerabilities on WhatsApp can be a lucrative attack vector for threat actors looking to plant malicious software on compromised devices.
In 2019, an audio calling flaw was exploited by the Israeli spyware maker NSO Group to inject the Pegasus spyware.
News URL
https://thehackernews.com/2022/09/critical-whatsapp-bugs-could-have-let.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-22 | CVE-2022-36934 | Integer Overflow or Wraparound vulnerability in Whatsapp An integer overflow in WhatsApp could result in remote code execution in an established video call. | 9.8 |