In its most recent alert, WhatsApp warns of two major code execution flaws that might put the data of users on earlier app versions in danger. The “serious” security flaw would have allowed hackers to remotely install malware on a victim’s smartphone, potentially via a specially designed video clip. The chat service has since fixed it.
One of the vulnerabilities, identified by WhatsApp as CVE-2022-36934, affects WhatsApp for Android and iOS prior to 2.22.16.12 and WhatsApp Business for Android and iOS prior to 2.22.16.12. In an authenticated video connection, this problem might “result in remote code execution,” according to WhatsApp.
WhatsApp withheld any more information on the problem. Nevertheless, security research company Malwarebytes said in its technical investigation that the flaw was discovered in a WhatsApp app component called “Video Call Handler,” which, if triggered, would give an intruder total access to a victim’s app.
According to Experts:
Joshua Breckman, a spokesman for WhatsApp, told TechCrunch that the issues were found internally and that there has been “no indication of execution” yet.
The major memory vulnerability is comparable to a 2019 bug that WhatsApp ultimately said was used to target 1,400 victims’ devices, including those of reporters, human rights advocates, and other civilians.
This week, WhatsApp also made information about another vulnerability known. CVE-2022-27492 has a “high” severity rating of 7.8 out of 10 and might allow hackers to install malicious software on an iOS device after transmitting a malicious video clip.
According to Pieter Arntz, an insight analyst at Antivirus, “The exploitation with an unexpected source amounts to a storage degradation vulnerability.” Furthermore, to take advantage of this weakness, attackers would need to trick the victim into playing a specially created video clip that was dropped into their WhatsApp messages.