has issued fixes for two security vulnerabilities impacting its app, one of which has been given a "critical" rating, according to TechCrunch
Threat actors could exploit the critical integer overflow flaw, tracked as CVE-2022-36934 and found within WhatsApp's Video Call Handler component, to facilitate total app takeover, according to Malwarebytes. Such a bug, which has "no evidence of exploitation," resembles a vulnerability in WhatsApp's audio calling feature discovered in 2019 which had been abused to target devices of 1,400 individuals.
Meanwhile, the high-severity flaw, tracked as CVE-2022-27492, could be exploited by attackers to enable malicious code on an iOS device following malicious video file delivery.
"The manipulation with an unknown input leads to a memory corruption vulnerability. To exploit this vulnerability, attackers would have to drop a crafted video file on the users WhatsApp messenger and convince the user to play it," said Malwarebytes intelligence researcher Pieter Arntz.
Immediate updates have been advised for WhatsApp users.