Tech News

Two WhatsApp Bug- CVE-2022-36934 and CVE-2022-27492

Two WhatsApp Bug detected lets go through the article-

CVE-2022-36934

In WhatsApp for Android previous to version 2.2.16.12, Business for Android prior to version 2.2.16.12, iOS prior to version 2.2.16.12, and Business for iOS prior to version 2.2.16.12, an integer overflow might lead to remote code execution during an active video call.

CVE-2022-27492

When receiving a manipulated video file, an integer underflow in WhatsApp for Android prior to v2.22.16.2 and WhatsApp for iOS prior to v2.22.15.9 might have led to remote code execution.

Two critical bugs in WhatsApp have been addressed that might allow remote code execution.

For 2022, WhatsApp will only release three security warnings, the first two of which were published in January and February. Customers are alerted about two memory-related problems impacting the WhatsApp mobile applications in the most recent advisory, which was published this month.

An integer overflow vulnerability that affects WhatsApp for Android before to 2.22.16.12, Business for Android prior to 2.22.16.12, iOS prior to 2.22.16.12, and Business for iOS prior to 2.22.16.12 is one of the issues, tagged as CVE-2022-36934 and rated “critical.”

The vulnerability, according to WhatsApp, allows for remote code execution during a video conversation.

The second bug, a high-severity bug identified as CVE-2022-27492, is an integer underflow that may be used to execute code remotely by delivering the targeted user a video file that has been specifically prepared. Versions 2.22.16.2 and 2.22.15.9 of WhatsApp for Android and iOS, respectively, include patches to fix the issue.

The video call handler component is affected by CVE-2022-36934, while the video file handler component is affected by CVE-2022-27492, according to cybersecurity company Malwarebytes.

There is no evidence to suggest that the vulnerabilities have been used in the wild; they appear to have been identified internally.

For hostile actors, WhatsApp vulnerabilities can be quite useful. Recent years have seen instances of WhatsApp zero-days being used to infect cellphones with malware. Even now, WhatsApp is suing Israeli spyware maker NSO Group for infecting users’ phones.

For WhatsApp exploits that result in remote code execution and local privilege escalation, the exploit acquisition business Zerodium is presently giving up to $1 million, and up to $1.5 million if the attack does not involve user input.

Follow Techmodena for the latest tech news, games, tech tips, how to, iPhone issue, tech news, tech reviews, gadget reviews, etc., For the latest videos, subscribe to our YouTube Channel.

Related Articles

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
Back to top button
0
Would love your thoughts, please comment.x
()
x
Mail Icon
Close

Adblock Detected

🙏Kindly remove the ad blocker so that we can serve you better and more authentic information🙏