WhatsApp patched a serious security hole that allowed cybercriminals to remotely run malicious code on target endpoints.
As explained in the official security advisory, the flaw is an integer overflow vulnerability found in WhatsApp for Android in versions earlier than 2.22.16.12, Business on Android earlier than 2.22.16.12, iOS earlier than 2.22.16.12 and Business on iOS earlier than 2.22.16.12.
The vulnerability is now tracked as CVE-2022-36934 and has a vulnerability score of 9.8, placing it in “critical” territory.
Important updates
As explained by Borderland, this vulnerability allows cyber criminals to remotely run malicious code on a target device by sending a specially crafted video call. Malicious code can install all kinds of malware on your device or steal your sensitive data and identity.
Users whose mobile applications do not update automatically are advised to update manually as soon as possible.
As part of the same update, WhatsApp has fixed another flaw, similar in potential and performance. Tracked as CVE-2022-27492, it would allow cyber criminals to run malicious code by sending a specially crafted video file. Unlike the first defect, this one has a lower severity score of 7.8, but is still considered “critical”.
While security updates are always a good reason to update an app, WhatsApp has also made some significant usability improvements recently.
In August 2022, the company announced a new version of its Windows application that no longer requires a smartphone connection and can run entirely on its own.
Previously, the WhatsApp client for Windows 11 (and 10) was a web-based (Electron) app, but the new app, which has moved from beta to full version, is a native client and, what’s more, it works independently of your smartphone.
By: Borderland