Two WhatsApp bugs have been detected. Let's go through the article.
In WhatsApp for Android prior to version 188.8.131.52, Business for Android prior to version 184.108.40.206, iOS prior to version 220.127.116.11, and Business for iOS prior to version 18.104.22.168, an integer overflow might lead to remote code execution during an active video call.
When receiving a manipulated video file, an integer underflow in WhatsApp for Android prior to v22.214.171.124 and WhatsApp for iOS prior to v126.96.36.199 might have led to remote code execution.
Two critical bugs in WhatsApp have been addressed that might allow remote code execution.
For 2022, WhatsApp will only release three security warnings, the first two of which were published in January and February. Customers are alerted about two memory-related problems impacting the WhatsApp mobile applications in the most recent advisory, which was published this month.
One of the issues, tracked as CVE-2022-36934 and rated “critical,” is an integer overflow vulnerability that affects WhatsApp for Android prior to 188.8.131.52, Business for Android prior to 184.108.40.206, iOS prior to 220.127.116.11, and Business for iOS prior to 18.104.22.168.
The vulnerability, according to WhatsApp, allows for remote code execution during a video conversation.
The second bug, a high-severity bug identified as CVE-2022-27492, is an integer underflow that may be used to execute code remotely by delivering the targeted user a video file that has been specifically prepared. Versions 22.214.171.124 and 126.96.36.199 of WhatsApp for Android and iOS, respectively, include patches to fix the issue.
The video call handler component is affected by CVE-2022-36934, while the video file handler component is affected by CVE-2022-27492, according to cybersecurity company Malwarebytes.
There is no evidence to suggest that the vulnerabilities have been used in the wild; they appear to have been identified internally.
For hostile actors, WhatsApp vulnerabilities can be quite useful. Recent years have seen instances of WhatsApp zero-days being used to infect cellphones with malware. Even now, WhatsApp is suing Israeli spyware maker NSO Group for infecting users’ phones.
For WhatsApp exploits that result in remote code execution and local privilege escalation, the exploit acquisition business Zerodium is currently offering up to $1 million, and up to $1.5 million if the attack does not involve user input.