Two WhatsApp Bug- CVE-2022-36934 and CVE-2022-27492
Two WhatsApp Bug detected lets go through the article-
CVE-2022-36934
In WhatsApp for Android previous to version 2.2.16.12, Business for Android prior to version 2.2.16.12, iOS prior to version 2.2.16.12, and Business for iOS prior to version 2.2.16.12, an integer overflow might lead to remote code execution during an active video call.
CVE-2022-27492
When receiving a manipulated video file, an integer underflow in WhatsApp for Android prior to v2.22.16.2 and WhatsApp for iOS prior to v2.22.15.9 might have led to remote code execution.
Two critical bugs in WhatsApp have been addressed that might allow remote code execution.
For 2022, WhatsApp will only release three security warnings, the first two of which were published in January and February. Customers are alerted about two memory-related problems impacting the WhatsApp mobile applications in the most recent advisory, which was published this month.
An integer overflow vulnerability that affects WhatsApp for Android before to 2.22.16.12, Business for Android prior to 2.22.16.12, iOS prior to 2.22.16.12, and Business for iOS prior to 2.22.16.12 is one of the issues, tagged as CVE-2022-36934 and rated “critical.”
The vulnerability, according to WhatsApp, allows for remote code execution during a video conversation.
The second bug, a high-severity bug identified as CVE-2022-27492, is an integer underflow that may be used to execute code remotely by delivering the targeted user a video file that has been specifically prepared. Versions 2.22.16.2 and 2.22.15.9 of WhatsApp for Android and iOS, respectively, include patches to fix the issue.
- WhatsApp fixes ‘critical’ security bug that put Android phone data at risk
- How to Transfer WhatsApp from Android to iPhone 14
- WhatsApp Red Android (WhatsPlus Red v10.05 APK)
The video call handler component is affected by CVE-2022-36934, while the video file handler component is affected by CVE-2022-27492, according to cybersecurity company Malwarebytes.
There is no evidence to suggest that the vulnerabilities have been used in the wild; they appear to have been identified internally.
For hostile actors, WhatsApp vulnerabilities can be quite useful. Recent years have seen instances of WhatsApp zero-days being used to infect cellphones with malware. Even now, WhatsApp is suing Israeli spyware maker NSO Group for infecting users’ phones.
For WhatsApp exploits that result in remote code execution and local privilege escalation, the exploit acquisition business Zerodium is presently giving up to $1 million, and up to $1.5 million if the attack does not involve user input.
