Two critical security flaws discovered and fixed by WhatsApp


Make sure your version of WhatsApp is up to date. The messaging application has revealed that two major security flaws were discovered in older versions of the software. There is no need to panic, though: no malicious use has been identified, and the bugs should have been fixed for a few weeks now if you have updated your application correctly.

The flaws concern versions of WhatsApp that precede 2.22.16.12, i.e. those dating from before August 2022 or so. If you haven't updated WhatsApp since then, it's time to do so quickly. Both the iOS and Android versions of the app are affected. In most cases, however, there is nothing to worry about, since automatic updates should have done their job.

The first flaw, tracked as CVE-2022-36934, carries a severity rating of 9.8/10 because of the very broad rights it provides over a victim's phone. By exploiting a bug in WhatsApp's video call functionality, it is possible to infect the phone with malware through an integer overflow. To put it simply, this allows code to be written outside the theoretical limits imposed on the application, leaving the possibility of infecting the underlying operating system. In this case, a simple malicious video call can theoretically infect a device.
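The integer overflow bug class mentioned above, shown as a generic added illustration next to its hardened form. This is not WhatsApp's code and does not come from the original article; the frame header struct, its field names and the 64 MiB cap are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical frame header; field names are illustrative assumptions. */
struct frame_hdr { uint32_t width, height, bytes_per_px; };

/* Assumed policy cap on one decoded frame (64 MiB). */
#define MAX_FRAME_BYTES (64u * 1024u * 1024u)

/* Unsafe pattern: the product is computed in 32 bits and wraps silently,
 * so a huge declared frame can yield a small "size". */
uint32_t naive_frame_bytes(const struct frame_hdr *h) {
    return h->width * h->height * h->bytes_per_px;
}

/* Hardened pattern: widen to 64 bits, bound each step, reject on excess.
 * Returns 0 and sets *out on success, -1 if the header is not acceptable. */
int checked_frame_bytes(const struct frame_hdr *h, size_t *out) {
    uint64_t px = (uint64_t)h->width * h->height;  /* cannot overflow 64 bits */
    if (px == 0 || px > MAX_FRAME_BYTES) return -1;
    uint64_t total = px * h->bytes_per_px;         /* at most 2^26 * 2^32 */
    if (total == 0 || total > MAX_FRAME_BYTES) return -1;
    *out = (size_t)total;
    return 0;
}

/* Allocate only after the declared size has passed validation. */
uint8_t *alloc_frame(const struct frame_hdr *h, size_t *len) {
    if (checked_frame_bytes(h, len) != 0) return NULL;
    return calloc(1, *len);
}

int main(void) {
    /* Constructed sample headers, not taken from any real file or call. */
    struct frame_hdr normal = { 1280u, 720u, 4u };
    struct frame_hdr oversized = { 65536u, 16385u, 4u };  /* true size 2^32 + 2^18 */
    size_t len = 0;
    uint8_t *buf = alloc_frame(&normal, &len);
    printf("normal: naive=%u checked=%zu\n", (unsigned)naive_frame_bytes(&normal), len);
    free(buf);
    printf("oversized: naive=%u accepted=%d\n",
           (unsigned)naive_frame_bytes(&oversized), alloc_frame(&oversized, &len) != NULL);
    return 0;
}
```

A buffer sized with the wrapped 32-bit value would be far smaller than the data the header declares, which is how a size miscalculation turns into writes outside the intended limits.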

A simple video as a gateway

The other flaw, identified as CVE-2022-27492, also makes it possible to inject malware, but this time by sending a video. As Malwarebytes' cybersecurity specialists explain, "to exploit this vulnerability, attackers must send a modified video file to WhatsApp and convince WhatsApp to play it". This bug carries a severity rating of 7.8/10.

These flaws are reminiscent of the one used in 2019 by NSO Group, publisher of the famous Pegasus spyware. Fortunately, this time WhatsApp's teams identified and patched the bugs before malicious hackers exploited them. The news is nonetheless a reminder of why it is important to install updates regularly and not to click on just any file that arrives in your inbox.