Some older versions of WhatsApp have a critical security vulnerability, so patch now

(Image credit: Pexels/Anton)

WhatsApp has patched a major security vulnerability that allowed threat actors to run malicious code on target endpoints remotely. 

As explained in its official security advisory, the flaw is an integer overflow vulnerability, discovered in WhatsApp for Android prior tov2.22.16.12, Business for Android prior to v2.22.16.12, iOS prior to v2.22.16.12, and Business for iOS prior to v2.22.16.12.

The vulnerability is now tracked as CVE-2022-36934 and carries a vulnerability score of 9.8, putting it in the “critical” territory.

Important updates

As explained by The Verge, the flaw allows threat actors to run malicious code on the target device, remotely, by sending a specially crafted video call. The malicious code could result in the device getting all kinds of malware installed, or having sensitive data and identities stolen

Users whose mobile apps don’t update automatically are advised to update manually as soon as possible. 

As part of the same update, WhatsApp fixed another flaw, similar in its potential and method of execution. Tracked as CVE-2022-27492, it would allow threat actors to run malicious code by sending a specially crafted video file. Unlike the first flaw, this one has a lower severity score - 7.8, but is still deemed “critical”.

While security upgrades are always a good reason to update the app, WhatsApp has also recently made some significant usability upgrades. 

In August 2022, the company announced a new version of its Windows app, which no longer required to be connected to the smartphone and can work completely standalone. 

Previously, the WhatsApp client for Windows 11 (and 10) was a web-based (Electron) effort, but the new app – which has moved from beta to its full release, is a native client, and what’s more, it works independently of your smartphone.

Via: The Verge

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.