Application security, Endpoint/Device Security
WhatsApp vulnerabilities addressed
Share
WhatsApp has issued fixes for two security vulnerabilities impacting its app, one of which has been given a "critical" rating, according to TechCrunch.
Threat actors could exploit the critical integer overflow flaw, tracked as CVE-2022-36934 and found within WhatsApp's Video Call Handler component, to facilitate total app takeover, according to Malwarebytes. Such a bug, which has "no evidence of exploitation," resembles a vulnerability in WhatsApp's audio calling feature discovered in 2019 which had been abused to target devices of 1,400 individuals.
Meanwhile, the high-severity flaw, tracked as CVE-2022-27492, could be exploited by attackers to enable malicious code on an iOS device following malicious video file delivery.
"The manipulation with an unknown input leads to a memory corruption vulnerability. To exploit this vulnerability, attackers would have to drop a crafted video file on the users WhatsApp messenger and convince the user to play it," said Malwarebytes intelligence researcher Pieter Arntz.
Immediate updates have been advised for WhatsApp users.
An In-Depth Guide to Application Security
Get essential knowledge and practical strategies to fortify your applications.
Related Events
Related Terms
Anti-MalwareBannerCommon Gateway Interface (CGI)Dynamic Link LibraryEndpoint SecurityEphemeral PortExtranetFirmwareKeyloggerRegistryGet daily email updates
SC Media's daily must-read of the most current and pressing daily news