Details of a “critical” security vulnerability have been published by WhatsApp. The vulnerability would have affected the Android version of the app and allowed attackers to plant malware remotely during a video call.
WhatsApp vulnerability CVE-2022-36934 has a severity rating of 9.8 out of 10
According to the TechCrunch story, the WhatsApp vulnerability has been identified as CVE-2022-36934 and given an extremely high severity rating because of the potential danger to Android users.
The vulnerability was rated 9.8 out of 10, and WhatsApp described it as an integer overflow bug. Such a bug occurs when the application “tries to perform a calculation process” but has no space for it in its allocated memory.
Malwarebytes has published a technical analysis of the vulnerability
The data would then spill over and could overwrite other parts of system memory with potentially malicious code. The company shared no other details about the bug.
Malwarebytes, a security research company, did its own technical analysis. It located the bug in the component of the WhatsApp application known as the “video call handler”.
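The bug class described above, as an added example that is not WhatsApp's code (the company published no code-level details): a 32-bit size calculation that wraps around, next to a checked version that rejects the input. The function names and the frame dimensions are hypothetical, constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: bytes needed for one decoded video frame.
 * The 32-bit product wraps modulo 2^32, so an oversized frame can yield
 * a small number, and a buffer allocated from it would be far too small. */
uint32_t frame_size_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* The size actually required, computed in 64 bits for comparison
 * (wide enough for the constructed sample values used below). */
uint64_t frame_size_exact(uint32_t width, uint32_t height, uint32_t bpp)
{
    return (uint64_t)width * height * bpp;
}

/* Hardened form: test each multiplication before performing it and
 * refuse the frame instead of returning a wrapped size. */
bool frame_size_checked(uint32_t width, uint32_t height, uint32_t bpp,
                        uint32_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return false;
    if (width > UINT32_MAX / height)
        return false;              /* width * height would wrap */
    uint32_t pixels = width * height;
    if (pixels > UINT32_MAX / bpp)
        return false;              /* pixels * bpp would wrap */
    *out = pixels * bpp;
    return true;
}

int main(void)
{
    /* Constructed dimensions, as if taken from an untrusted stream header. */
    uint32_t w = 65537, h = 16384, bpp = 4, size = 0;

    printf("wrapped size: %u bytes\n", (unsigned)frame_size_unchecked(w, h, bpp));
    printf("needed size:  %llu bytes\n",
           (unsigned long long)frame_size_exact(w, h, bpp));
    printf("checked version accepts frame: %s\n",
           frame_size_checked(w, h, bpp, &size) ? "yes" : "no");
    return 0;
}
```

Code that allocates from the wrapped value and then copies the full frame writes past the end of the buffer, which is the spill into neighbouring memory the article describes.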
WhatsApp spokesperson says there is no evidence of exploitation
If triggered, the bug would allow attackers to take complete control of the victim’s application. TechCrunch contacted WhatsApp for comment, but according to Joshua Breckman, the company had seen no “evidence of exploitation”.
Breckman also told the publication that the bugs were discovered internally. The bug was reportedly similar to another bug in 2019, which was a critical memory vulnerability.
The recent vulnerability had similarities to another vulnerability from 2019
The vulnerability that occurred in 2019 led WhatsApp to accuse the NSO Group of targeting the phones of 1,400 victims, including journalists, civilians and even human rights defenders.
That attack also took advantage of the audio call feature, which let attackers implant spyware whether or not the call was answered. WhatsApp also revealed details of another vulnerability, which had a lower severity rating that was still high.
How the previous vulnerability works, CVE-2022-27492
The other recently disclosed vulnerability was CVE-2022-27492, which was rated 7.8 out of 10 in terms of severity, classifying it as “high”. It would allow hackers to execute malicious code on the victim’s iOS device after sending a malicious video file.
According to TechCrunch, both flaws have already been patched in the latest version of WhatsApp. To protect themselves from the vulnerabilities, users need to update their app with the new patch.
This article belongs to Tech Times
Written by Urian B.
ⓒ 2022 TECHTIMES.com All rights reserved. Do not reproduce without permission.