WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices.
One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call.
The issue impacts WhatsApp and WhatsApp Business for Android and iOS prior to versions 2.22.16.12.
Also patched by the Meta-owned messaging platform is an integer underflow bug, which refers to the opposite category of errors that occur when the result of an operation is too small to store the value within the allocated memory space.
The high-severity issue, given the CVE identifier CVE-2022-27492 (CVSS score: 7.8), affects WhatsApp for Android prior to versions 2.22.16.2 and WhatsApp for iOS version 2.22.15.9, and could be triggered upon receiving a specially crafted video file.
Exploiting integer overflows and underflows is a stepping stone toward inducing undesirable behavior, causing unexpected crashes, memory corruption, and code execution.
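The two bug classes described above, shown as an added C illustration beside their checked forms. This is not WhatsApp's code: the record layout, `HDR_LEN`, and all function names are hypothetical, chosen only to show how length arithmetic wraps and how a parser can reject such input before it reaches an allocation or copy.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 8u /* hypothetical fixed header size of a record */

/* Underflow: a declared total smaller than the header wraps to a huge length. */
uint32_t payload_len_unchecked(uint32_t total) {
    return total - HDR_LEN; /* 4 - 8 wraps to 0xFFFFFFFC */
}

/* Overflow: count * entry_size wraps modulo 2^32, yielding a tiny buffer size. */
uint32_t table_bytes_unchecked(uint32_t count, uint32_t entry_size) {
    return count * entry_size;
}

/* Checked form: validate the range before subtracting, and bound the
 * declared length by the bytes actually available in the input. */
bool payload_len_checked(uint32_t total, uint32_t avail, uint32_t *out) {
    if (total < HDR_LEN || total > avail)
        return false;
    *out = total - HDR_LEN;
    return true;
}

/* Checked form: refuse the multiplication if the product cannot fit. */
bool table_bytes_checked(uint32_t count, uint32_t entry_size, uint32_t *out) {
    if (entry_size != 0 && count > UINT32_MAX / entry_size)
        return false;
    *out = count * entry_size;
    return true;
}

int main(void) {
    uint32_t n = 0;
    /* Constructed inputs: a 4-byte "total" and an oversized entry count. */
    printf("unchecked payload len: 0x%08X\n", (unsigned)payload_len_unchecked(4));
    printf("unchecked table bytes: %u\n", (unsigned)table_bytes_unchecked(0x40000001u, 4));
    printf("checked payload ok: %d\n", payload_len_checked(4, 100, &n));
    printf("checked table ok:   %d\n", table_bytes_checked(0x40000001u, 4, &n));
    return 0;
}
```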
WhatsApp did not share further details on the vulnerabilities, but cybersecurity firm Malwarebytes said that they reside in two components called Video Call Handler and Video File Handler, which could permit an attacker to seize control of the app.
Vulnerabilities in WhatsApp can be a lucrative attack vector for threat actors looking to plant malicious software on compromised devices. In 2019, an audio calling flaw was exploited by the Israeli spyware maker NSO Group to inject the Pegasus spyware.
Some parts of this article are sourced from:
thehackernews.com