WhatsApp has published the details of two major vulnerabilities found in non-updated versions of the application. This means that the company responsible for the messaging service was already aware of the problems and that it has solved them, but if you are not using the latest version of the application, it would be convenient to update it as soon as possible.
The first vulnerability, which is tracked as CVE-2022-36934 and whose severity is 9.8 out of 10 (critical), consists of an integer overflowa common error that basically consists of trying to introduce a value into an integer type variable that is greater than the maximum that the variable can support, thus causing it to overflow.
In the case of the messaging service application owned by Meta, integer overflow is exploited by sending a specifically designed call by the attacker, thus opening the door to carry out remote attacks that can lead to the installation of malware on the operating system used by the victim’s device, which is often done through an escalation of privileges.
The second vulnerability, followed as CVE-2022-27492 and whose severity is 7.8 out of 10 (high), allows attackers to remotely execute code after sending a malicious video file. Unfortunately, multimedia files have been one of the most widely used means of spreading malware for many years, and the fact is that malicious actors, if they were not deceiving staff, would have little success in many cases.
Both vulnerabilities have been recently patched, so we recommend carry out an update process as soon as possible. The versions of WhatsApp affected are the following:
- WhatsApp for Android v188.8.131.52 and earlier
- WhatsApp Business for Android v184.108.40.206 and earlier
- WhatsApp for iOS v220.127.116.11 and earlier
- WhatsApp Business for iOS v18.104.22.168 and earlier
In both Android and iOS, the logical thing is to go to the application store and proceed to perform a standard update. However, the great freedoms granted by the Google system can mean that someone is using a custom ROM and obtaining the APK installer manually, so in this case we recommend uninstalling the application and reinstalling it in case the APK file does not work directly with the update.