Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely
2022-09-28 05:03

One of them concerns CVE-2022-36934, a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call.

The issue impacts WhatsApp and WhatsApp Business for Android and iOS prior to versions 2.22.16.12.

Exploiting integer overflows and underflows is a stepping stone towards inducing undesirable behavior, causing unexpected crashes, memory corruption, and code execution.
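A generic illustration of this bug class, added here and not taken from WhatsApp's code or the advisory: a 32-bit buffer-size computation that silently wraps, next to a checked version that rejects the same input. The frame header struct, its field names and the 64 MiB cap are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical frame header: three untrusted 32-bit fields from the wire. */
struct frame_hdr { uint32_t width, height, bytes_per_pixel; };

/* Unchecked: the product is computed modulo 2^32, so a huge frame can
 * yield a small size, and a buffer sized from it is too small. */
uint32_t frame_size_unchecked(const struct frame_hdr *h) {
    return h->width * h->height * h->bytes_per_pixel;
}

/* Checked: rejects zero dimensions, wraparound, and sizes above cap.
 * Writes the size to *out only on success. */
bool frame_size_checked(const struct frame_hdr *h, size_t cap, size_t *out) {
    uint64_t pixels, total;
    if (h->width == 0 || h->height == 0 || h->bytes_per_pixel == 0)
        return false;
    /* Two 32-bit values multiplied in 64 bits cannot overflow. */
    pixels = (uint64_t)h->width * h->height;
    /* Divide before multiplying so the check itself cannot wrap. */
    if (pixels > UINT64_MAX / h->bytes_per_pixel)
        return false;
    total = pixels * h->bytes_per_pixel;
    if (total > cap)
        return false;
    *out = (size_t)total;   /* safe: total <= cap <= SIZE_MAX */
    return true;
}

int main(void) {
    /* Constructed sample input: true size is 2^32 + 2^17 bytes. */
    struct frame_hdr bad = { 32769u, 32768u, 4u };
    size_t n = 0;
    printf("unchecked size: %u bytes\n", (unsigned)frame_size_unchecked(&bad));
    printf("checked accepts: %s\n",
           frame_size_checked(&bad, (size_t)64 << 20, &n) ? "yes" : "no");
    return 0;
}
```

The upper bound matters as much as the overflow check: a size that fits in 64 bits can still be far larger than any legitimate frame.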

WhatsApp did not share more specifics on the vulnerabilities, but cybersecurity firm Malwarebytes said that they reside in two components called Video Call Handler and Video File Handler, which could permit an attacker to seize control of the app.

Vulnerabilities in WhatsApp can be a lucrative attack vector for threat actors looking to plant malicious software on compromised devices.

In 2019, an audio calling flaw was exploited by the Israeli spyware maker NSO Group to inject the Pegasus spyware.


News URL

https://thehackernews.com/2022/09/critical-whatsapp-bugs-could-have-let.html

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2022-09-22 | CVE-2022-36934 | Integer Overflow or Wraparound vulnerability in Whatsapp: An integer overflow in WhatsApp could result in remote code execution in an established video call. | 0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Whatsapp 5 1 23 14 1 39