WhatsApp fixes ‘critical’ security bug that put Android phone data at risk- A “serious” security flaw in WhatsApp’s Android app has been disclosed. If exploited, the flaw might allow attackers to remotely install malware on a victim’s smartphone while they are on a video conversation.
WhatsApp refers to the weakness as an integer overflow fault and has logged it as CVE-2022-36934, with a severity level of 9.8 out of 10. This occurs when a program tries to do a calculation but runs out of memory space in its allocated memory, allowing data to spill out and possibly harmful code to corrupt other areas of the system’s memory.
WhatsApp Fixes Critical Security Bug
WhatsApp withheld any more information on the problem. Malwarebytes, a security research company, said in its own technical investigation that the flaw is present in a “Video Call Handler” component of the WhatsApp app, which if activated would give an attacker total control of a victim’s app.
Joshua Breckman, a spokesman for WhatsApp, told TechCrunch that the issues were found internally and that there has been “no indication of exploitation” to yet.
The memory flaw, which has a critical rating, is comparable to one that WhatsApp finally attributed to Israeli spyware manufacturer NSO Group in 2019 for targeting the phones of 1,400 people, including journalists, human rights advocates, and other civilians.
The assault took use of a flaw in WhatsApp’s audio calling function, which gave the caller the ability to install spyware on the victim’s smartphone whether or not the call was answered.
This week, WhatsApp also revealed information on a another vulnerability, CVE-2022-27492, which might let hackers to execute malicious code on an iOS victim’s device after transmitting a malicious video file and is classified as “high” in severity at 7.8 out of 10.
- How to block, report, and delete spam on WhatsApp
- WhatsApp working on add caption while sharing document and can edit message after send
- How to Transfer WhatsApp from Android to iPhone 14
Pieter Arntz, an intelligence researcher at Malwarebytes, stated that memory corruption vulnerability is caused by manipulation with an unknown input. Attackers would need to convince the victim to play a specially created video file dropped on their WhatsApp message in order to take advantage of this vulnerability.
The most recent WhatsApp versions provide fixes for these issues. Today’s update.