Last Friday (23), developers What’s up? It published a note detailing a dangerous vulnerability found in older versions of Messenger. Although it has already been fixed, it draws attention due to the seriousness of the issue and highlights the importance of the issue. Always keep the official app up to date.
In more detail, it refers to a critical failure, which makes it possible to use an error known as a case. “integer overflow”, English for remote code execution. To gain access, the attacker would need to make a modified video call to the victim’s device, compromising its integrity and granting permission to install. malware in your memory.
The vulnerability entered the US vulnerability database as “CVE-2022-36934” and scored “9.8” on the Common Vulnerabilities and Exposures Dictionary (CVE) severity scale. The result defines the issue as “critical,” the highest threat level.
similar problem
In the same statement, WhatsApp also revealed another vulnerability that has already been patched. Presenting a lower risk than the previous threat, the “CVE-2022-27492” flaw is still considered serious and scores “7.8” on the CVE scale. In it, attackers can remotely execute code after sending a malicious video file to the messenger.
Which versions of WhatsApp are affected?
According to WhatsApp, the following versions are subject to “CVE-2022-36934” and “CVE-2022-27492” flaws:
- WhatsApp for Android on versions older than v2.22.16.12
- WhatsApp Business for Android on versions older than v2.22.16.12
- WhatsApp for iOS versions older than v2.22.16.12
- WhatsApp Business for iOS versions older than v2.22.16.12
Since the issue affects older versions of the application, the user only needs to have the latest version of WhatsApp installed on the mobile phone to avoid the vulnerability.
Source: Tec Mundo
