WhatsApp vulnerabilities addressed

WhatsApp has issued fixes for two security vulnerabilities impacting its app, one of which has been given a "critical" rating, according to TechCrunch. Threat actors could exploit the critical integer overflow flaw, tracked as CVE-2022-36934 and found within WhatsApp's Video Call Handler component, to facilitate total app takeover, according to Malwarebytes. The bug, for which there is "no evidence of exploitation," resembles a vulnerability in WhatsApp's audio calling feature discovered in 2019, which had been abused to target the devices of 1,400 individuals. Meanwhile, the high-severity flaw, tracked as CVE-2022-27492, could be exploited by attackers to enable malicious code to run on an iOS device following delivery of a malicious video file. "The manipulation with an unknown input leads to a memory corruption vulnerability. To exploit this vulnerability, attackers would have to drop a crafted video file on the user's WhatsApp messenger and convince the user to play it," said Malwarebytes intelligence researcher Pieter Arntz. WhatsApp users have been advised to update immediately.
