WhatsApp brings an important security patch to its secure messaging app

Remember to update your WhatsApp application to continue chatting with your loved ones in complete security and confidentiality.

WhatsApp has made an important fix to its secure messaging to address a security flaw that could allow a hacker to install malware using a video call. Spotted as CVE-2022-36934, the flaw consists of an integer overflow within the WhatsApp app on Android and iOS that could lead to remote code execution during a video call, it said. WhatsApp in a statement.

The security flaw of WhatsApp is serious. With an estimated severity rate of 9.8, it is considered “critical. »

In parallel, WhatsApp also brought another security patch related to a bug called CVE-2022-27492: a flaw consisting of an integer overflow within the application on Android before version 2.22.16.2 and on iOS before version v2. 22.15.9. This flaw could lead to remote code execution after receiving a modified video file.

WhatsApp said the security vulnerabilities, now fixed, were discovered internally and that there was “no evidence of exploitation” of said vulnerabilities. In other words, WhatsApp fixed the problem before hackers could take action.

WhatsApp Vulnerability Scan

The secure messaging app did not release further details on the patched flaws, but security experts analyzed the data. Security firm Malwarebytes describes the flaw CVE-2022-36934 in a blog post: “This RCE bug affects a piece of code in the WhatsApp Video Call Handler component, which allows an attacker to manipulate the bug to trigger a buffer overflow and take complete control of WhatsApp Messenger. »

At the same time, the CVE-2022-27492 flaw affects an unspecified code block of the Video File Handler component. “Handling with an unknown input results in a memory corruption vulnerability,” Malwarebytes says, adding that to exploit this vulnerability, hackers “would have to drop a modified video file into the user’s WhatsApp messenger and convince the user to play it. . »

Make sure you are using the latest version of WhatsApp

“The vulnerabilities were discovered by WhatsApp’s internal security team and patched with the utmost discretion, so there’s a good chance your app has already been updated,” says Pieter Arntz (Malwarebytes). However, it is always good to check.

If you have an iPhone, go to App Store > Update and tap the “Update” tab next to the app. Also, make sure you have iOS 15.7 or iOS 16, as these updates fix serious iPhone security issues.

For Android users, go to Play Store > My apps & games and tap on the “Update” tab next to the app.

In general, be careful of WhatsApp messages from people you don’t know. There are a lot of scammers on the app, and it has been targeted by spyware before.

Article translated from Forbes US – Author: Kate O’Flaherty

<<< Also read: Uber, or the democratization of hacking >>>

Leave a Comment