WhatsApp Bugs fixed that could lead to Remote Hacking

WhatsApp has recently released security updates for iOS and Android platforms to arrest two flaws that could result in remote code execution on susceptible devices. CVE-2022-36934 (CVSS score: 9.8), which is one of the concerns is a critical overflow vulnerability in the most popular messaging app.

Hacking via video call?

It can lead to the execution of arbitrary code just by establishing a video call. This issue affects WhatsApp and WhatsApp Business versions before 2.22.16.12 of iOS and Android.

Patch up

The Meta-owned platform also patched an integer underflow bug, which concerns an opposite category of errors. It happens when the result of an operation is too small to store the value within the memory space allocated.

- Advertisement -

Trigger factor

This high-severity issue is given the CVE identifier CVE-2022-27492 (CVSS score: 7.8). It affects WhatsApp Android versions before 2.22.16.2 and WhatsApp iOS version 2.22.15.9. It could get triggered by receiving a video file crafted in a specific way.

Watch this YouTube video:

Exploitation

Manipulations of integer overflows and underflows are done to induce undesirable behavior, leading to unexpected crashes, code execution, and memory corruption.

- Advertisement -

More info

Although WhatsApp did not share more about these vulnerabilities as per Malwarebytes, a cybersecurity firm, they reside in two components known as Video File Handler and video Call Handler. These could allow an attacker to gain control of the messaging platform.

Good news for hackers

Such vulnerabilities are rewarding attack vectors for threat actors who want to plant malicious software on compromised devices. In 2019, the Israeli spyware maker NSO Group took advantage of the audio calling flaw to inject the Pegasus spyware.

- Advertisement -
Dipanita Bhowmick
Dipanita Bhowmick
Dipanita Bhowmick: I am a content writer with 13+ years of experience in various genres, allowing me to adapt my writing style to diverse topics and audiences. Alongside my passion for creating engaging content, I have a deep interest in esoteric knowledge, constantly exploring the mystical and unconventional realms for inspiration along with spiritual and personal growth.

Related Articles

Stay Connected

2,814FansLike
179FollowersFollow
1,600SubscribersSubscribe

Latest Articles