WhatsApp fixes critical vulnerabilities in newer version of app

By Olivia Nnorom

WhatsApp, Meta’s instant messaging and calling service, has published details of a ‘critical’ vulnerability which allowed attackers to exploit phones via video calls, that has been patched in a newer version of the app.

The details regarding the vulnerability were revealed in a September update of WhatsApp’s page on security advisories affecting the app and came to light on September 23.

In the update, Watsapp shared a detailed issue related to vulnerability CVE-2022-36934, according to which “an integer overflow in WhatsApp for Android prior to v2.22.16.12, Business for Android prior to v2.22.16.12, iOS prior to v2.22.16.12, Business for iOS prior to v2.22.16.12 could result in remote code execution in an established video call”.

According to the details, the bug would let an attacker exploit integer overflow, after which they can get access to execute their own code on a victim’s smartphone through a specially crafted video call.

This vulnerability has been given a severity score of 9.8 out of 10 on the CVE scale.

In the same security advisory update, WhatsApp also explained another vulnerability, CVE-2022-27492. According to the social media company, an integer underflow in WhatsApp for Android prior to v2.22.16.2, WhatsApp for iOS v2.22.15.9 could have caused remote code execution when receiving a crafted video file.

This bug would let attackers execute the code on the victim’s smartphone using a malicious video file. The vulnerability was scored 7.8 out of 10.