Thursday, June 8, 2023
HomeNewsWhatsApp Bugs fixed that could lead to Remote Hacking

WhatsApp Bugs fixed that could lead to Remote Hacking

- Advertisement -

WhatsApp has recently released security updates for iOS and Android platforms to arrest two flaws that could result in remote code execution on susceptible devices. CVE-2022-36934 (CVSS score: 9.8), which is one of the concerns is a critical overflow vulnerability in the most popular messaging app.

Hacking via video call?

It can lead to the execution of arbitrary code just by establishing a video call. This issue affects WhatsApp and WhatsApp Business versions before of iOS and Android.

Patch up

The Meta-owned platform also patched an integer underflow bug, which concerns an opposite category of errors. It happens when the result of an operation is too small to store the value within the memory space allocated.

Trigger factor

This high-severity issue is given the CVE identifier CVE-2022-27492 (CVSS score: 7.8). It affects WhatsApp Android versions before and WhatsApp iOS version It could get triggered by receiving a video file crafted in a specific way.

- Advertisement -

Watch this YouTube video:


Manipulations of integer overflows and underflows are done to induce undesirable behavior, leading to unexpected crashes, code execution, and memory corruption.

More info

Although WhatsApp did not share more about these vulnerabilities as per Malwarebytes, a cybersecurity firm, they reside in two components known as Video File Handler and video Call Handler. These could allow an attacker to gain control of the messaging platform.

Good news for hackers

Such vulnerabilities are rewarding attack vectors for threat actors who want to plant malicious software on compromised devices. In 2019, the Israeli spyware maker NSO Group took advantage of the audio calling flaw to inject the Pegasus spyware.

- Advertisement -
- Advertisment -

Most Popular