WhatsApp has patched a major security vulnerability that allowed threat actors to run malicious code on target endpoints remotely.
As explained in its official security advisory, the flaw is an integer overflow vulnerability, discovered in WhatsApp for Android (opens in new tab) prior tov22.214.171.124, Business for Android prior to v126.96.36.199, iOS prior to v188.8.131.52, and Business for iOS prior to v184.108.40.206.
The vulnerability is now tracked as CVE-2022-36934 and carries a vulnerability score of 9.8, putting it in the “critical” territory.
As explained by The Verge, the flaw allows threat actors to run malicious code on the target device, remotely, by sending a specially crafted video call. The malicious code could result in the device getting all kinds of malware installed, or having sensitive data and identities stolen.
Users whose mobile apps don’t update automatically are advised to update manually as soon as possible.
As part of the same update, WhatsApp fixed another flaw, similar in its potential and method of execution. Tracked as CVE-2022-27492, it would allow threat actors to run malicious code by sending a specially crafted video file. Unlike the first flaw, this one has a lower severity score – 7.8, but is still deemed “critical”.
While security upgrades are always a good reason to update the app, WhatsApp has also recently made some significant usability upgrades.
In August 2022, the company announced a new version of its Windows app, which no longer required to be connected to the smartphone and can work completely standalone.
Previously, the WhatsApp client for Windows 11 (and 10) was a web-based (Electron) effort, but the new app – which has moved from beta to its full release, is a native client, and what’s more, it works independently of your smartphone.
Via: The Verge (opens in new tab)