WhatsApp reveals critical vulnerabilities in older app versions that allow attacker to exploit phones via video call


WhatsApp, Meta’s instant messaging and calling service, has released details of a “critical” vulnerability that has been patched in a newer version of the app, but could still affect older installed versions that don’t have not been updated.

Details about the vulnerability were revealed in a September update to WhatsApp’s security advisories page affecting the app and were revealed on September 23.

WhatsApp, in the update, shared a detailed issue related to the CVE-2022-36934 vulnerability that “integer overflow in WhatsApp for Android before v2.22.16.12, Business for Android before v2. 22.16.12, iOS before v2.22.16.12, Business for iOS before v2.22.16.12 could lead to remote code execution in an established video call.”

According to the details, the bug would allow an attacker to exploit integer overflow, after which he could gain access to run his own code on a victim’s smartphone via a specially crafted video call.

This vulnerability has been assigned a severity score of 9.8 out of 10 on the CVE scale.

In the same security advisory update, WhatsApp also explained another vulnerability, CVE-2022-27492. According to the social media company, “An integer underflow in WhatsApp for Android prior to v2.22.16.2, WhatsApp for iOS v2.22.15.9 could have resulted in remote code execution when receiving messages. ‘a designed video file’.

That said, the bug would allow attackers to run code on the victim’s smartphone using a malicious video file. The vulnerability was rated 7.8 out of 10.

In an India-related development for the social media platform, the head of WhatsApp’s payments business in India, Manesh Mahatme, has stepped down after more than a year with the Meta Platforms-owned company to join Amazon India, a source told Reuters on Thursday.

Mahatme’s exit comes at a critical time for WhatsApp, which is looking to accelerate its payment service in a highly competitive market and lock horns with more established players such as Alphabet’s Google Pay, Ant Group-backed Paytm and PhonePe. from Walmart.

During its stint at WhatsApp Pay, the company won regulatory approval to more than double its payment offering to 100 million users in India, its biggest market with more than half a billion users in India. total.


Affiliate links may be generated automatically – see our ethics statement for details.

Tech

Not all news on the site expresses the point of view of the site, but we transmit this news automatically and translate it through programmatic technology on the site and not from a human editor.
Back to top button