WhatsApp has issued an important fix for two serious security vulnerabilities.
Here’s how to check you are protected.
Secure messaging app WhatsApp has issued an important fix for a security vulnerability that could allow an attacker to plant malware while you’re on a video call. Tracked as CVE-2022-36934, the flaw is an integer overflow issue in WhatsApp for Android and iOS that could result in remote code execution in a video call, WhatsApp said in a security advisory.
The WhatsApp security flaw is serious—with a severity rating of 9.8 it is rated as “critical.”
Meanwhile, WhatsApp released details of another bug fix tracked as CVE-2022-27492—an integer underflow flaw in WhatsApp for Android prior to v22.214.171.124 and WhatsApp for iOS v126.96.36.199 that could cause remote code execution when the victim receives a crafted video file.
WhatsApp told me that the now-patched security issues were discovered internally and “there was no evidence of exploitation.” In other words, WhatsApp patched the issues before attackers could get hold of the details.
Analysis of the WhatsApp vulnerabilities
WhatsApp hasn’t published any more details about the patched issues, but security researchers have analysed the data. Security firm Malwarebytes describes CVE-2022-36934 in a blog: “This RCE bug affects a piece of code in the WhatsApp component Video Call Handler, which allows an attacker to manipulate the bug to trigger a heap-based buffer overflow and take complete control of WhatsApp Messenger.”
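WhatsApp has not published the affected code, so the following is an added illustration of the two bug classes named above (integer overflow and integer underflow in a length calculation), not WhatsApp's code. It shows each unchecked calculation beside a hardened form; every name and constant in it (HDR_LEN, MAX_ALLOC, the function names, the sample values) is constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define HDR_LEN   8u                    /* constructed: fixed header size in bytes */
#define MAX_ALLOC (16u * 1024u * 1024u) /* constructed: upper bound on one buffer */

/* Overflow: the product is truncated to 32 bits, so a huge request can
 * yield a small allocation size while later code still copies count records. */
uint32_t alloc_size_unchecked(uint32_t count, uint32_t rec_size) {
    return (uint32_t)(count * rec_size);
}

/* Hardened: divide instead of multiply so the check itself cannot wrap. */
int alloc_size_checked(uint32_t count, uint32_t rec_size, size_t *out) {
    if (count == 0 || rec_size == 0) return -1;
    if (count > MAX_ALLOC / rec_size) return -1;   /* would exceed the cap */
    *out = (size_t)count * rec_size;
    return 0;
}

/* Underflow: a declared length shorter than the header wraps to about 4 GiB. */
uint32_t payload_len_unchecked(uint32_t total_len) {
    return total_len - HDR_LEN;
}

/* Hardened: check the lower bound before subtracting, and the upper bound
 * against the number of bytes actually received. */
int payload_len_checked(uint32_t total_len, size_t received, size_t *out) {
    if (total_len < HDR_LEN || total_len > received) return -1;
    *out = total_len - HDR_LEN;
    return 0;
}

int main(void) {
    size_t n = 0;
    printf("unchecked size: %u\n", (unsigned)alloc_size_unchecked(0x10000u, 0x10001u));
    printf("checked size rejected: %d\n", alloc_size_checked(0x10000u, 0x10001u, &n) != 0);
    printf("unchecked payload: %u\n", (unsigned)payload_len_unchecked(4u));
    printf("checked payload rejected: %d\n", payload_len_checked(4u, 4u, &n) != 0);
    return 0;
}
```

In both unchecked functions the wrapped value looks like a valid size, which is why a buffer sized from it ends up smaller than the data later written into it.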
Make sure you are using the latest version of WhatsApp
“The vulnerabilities were found by the WhatsApp internal security team and silently fixed, so there is a good chance that your WhatsApp has already been updated,” says Malwarebytes’ Pieter Arntz. However, it never hurts to check.
If you have an iPhone, go to the App Store > Updates and tap the Update button next to the app.
Also check you are updated to either iOS 15.7 or iOS 16, as these updates fix serious iPhone security issues.
For Android users, go to the Play Store menu button. Under My apps and games, tap Update next to WhatsApp.
In general, be careful of any WhatsApp messages from people you don’t know. There are many scammers on WhatsApp, and the app has been targeted in spyware attacks.