WhatsApp has patched a major security vulnerability that allowed threat actors to run malicious code on target endpoints remotely.
As explained in its official security advisory, the flaw is an integer overflow vulnerability, discovered in WhatsApp for Android prior tov126.96.36.199, Business for Android prior to v188.8.131.52, iOS prior to v184.108.40.206, and Business for iOS prior to v220.127.116.11.
The vulnerability is now tracked as CVE-2022-36934 and carries a vulnerability score of 9.8, putting it in the “critical” territory.
As explained by The Verge, the flaw allows threat actors to run malicious code on the target device, remotely, by sending a specially crafted video call. The malicious code could result in the device getting all kinds of malware installed, or having sensitive data and identities stolen.
Users whose mobile apps don’t update automatically are advised to update manually as soon as possible.
As part of the same update, WhatsApp fixed another flaw, similar in its potential and method of execution. Tracked as CVE-2022-27492, it would allow threat actors to run malicious code by sending a specially crafted video file. Unlike the first flaw, this one has a lower severity score - 7.8, but is still deemed “critical”.
While security upgrades are always a good reason to update the app, WhatsApp has also recently made some significant usability upgrades.
In August 2022, the company announced a new version of its Windows app, which no longer required to be connected to the smartphone and can work completely standalone.
Previously, the WhatsApp client for Windows 11 (and 10) was a web-based (Electron) effort, but the new app – which has moved from beta to its full release, is a native client, and what’s more, it works independently of your smartphone.
- Here's our rundown of the best firewalls right now
Via: The Verge
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.