Critical WhatsApp bugs could allow attackers to remotely hack devices

WhatsApp has released a security update for Android and iOS to fix two flaws in its messaging app that could lead to remote code execution on vulnerable devices.

One of them is CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call.

This issue affects WhatsApp and WhatsApp Business for Android and iOS prior to version 2.2.16.12.

Also patched by the Meta-owned messaging platform is an integer underflow bug, which refers to the opposite class of errors that occur when the result of an operation is too small to store the value within the allocated memory space.

The high-severity issue, given the CVE identifier CVE-2022-27492 (CVSS score: 7.8), affects WhatsApp for Android prior to version 2.22.16.2 and WhatsApp for iOS version 2.22.15.9, and could be triggered upon receiving a specially crafted video file.

Exploiting integer overflows and underflows is a stepping stone towards inducing undesirable behavior, causing unexpected crashes, memory corruption, and code execution.
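To make the two bug classes concrete, here is an added example (not WhatsApp's code, and not taken from the advisories) showing unchecked length arithmetic next to a hardened form. The chunk layout, `HDR_LEN` and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical chunk layout (assumption): declared length includes an 8-byte header. */
#define HDR_LEN 8u

/* Unchecked: a chunk_len below HDR_LEN wraps to a huge value (underflow). */
static uint32_t payload_len_unchecked(uint32_t chunk_len) {
    return chunk_len - HDR_LEN;
}

/* Checked: reject the input instead of letting the subtraction wrap. */
static bool payload_len_checked(uint32_t chunk_len, uint32_t *out) {
    if (chunk_len < HDR_LEN) return false;
    *out = chunk_len - HDR_LEN;
    return true;
}

/* Unchecked: the product can exceed 32 bits and wrap to a small value (overflow). */
static uint32_t frame_bytes_unchecked(uint32_t w, uint32_t h, uint32_t bpp) {
    return w * h * bpp;
}

/* Checked: verify each multiplication against UINT32_MAX before doing it. */
static bool frame_bytes_checked(uint32_t w, uint32_t h, uint32_t bpp, uint32_t *out) {
    if (w != 0 && h > UINT32_MAX / w) return false;
    uint32_t px = w * h;
    if (bpp != 0 && px > UINT32_MAX / bpp) return false;
    *out = px * bpp;
    return true;
}

int main(void) {
    uint32_t v = 0;
    /* Constructed inputs: a 4-byte chunk and a 65536x65536 frame at 4 bytes per pixel. */
    printf("unchecked payload: %u\n", (unsigned)payload_len_unchecked(4));
    printf("checked payload ok: %d\n", payload_len_checked(4, &v));
    printf("unchecked frame: %u\n", (unsigned)frame_bytes_unchecked(65536, 65536, 4));
    printf("checked frame ok: %d\n", frame_bytes_checked(65536, 65536, 4, &v));
    return 0;
}
```

A wrapped length that later sizes an allocation or bounds a copy is how this class of bug turns into memory corruption, so the checked variants fail closed before the value is ever used.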

WhatsApp did not share more details on the vulnerabilities, but cybersecurity firm Malwarebytes said they reside in two components called Video Call Handler and Video File Handler, which could allow an attacker to take control of the app.

Vulnerabilities in WhatsApp can be an attractive attack vector for threat actors looking to install malicious software on compromised devices. In 2019, an audio calling flaw was exploited by Israeli spyware maker NSO Group to inject the Pegasus spyware.
