The popular texting and communication app used by millions across the globe is seeing some well-needed cybersecurity revisions. These updates will work to fix and patch up too massive flaws for Android and iOS users that could leave many devices open to remote code execution.
One of these weak points, CVE-2022-36934 (CVSS score: 9.8), is what’s known as a critical integer overflow vulnerability which can result in WhatsApp experiencing an execution of random code simply from a connecting to a video call, affecting users with versions 2.22.16.12 or older.
Another issue was tagged with the CVE identifier CVE-2022-27492 (CVSS score: 7.8). This vulnerability primarily affects Android users with versions 2.22.16.2 or older. In these cases, an attack is possible from receiving an innocent video file.
A spokesperson for WhatsApp stated that "we discovered [the flaws] ourselves, and there was no evidence of exploitation." Since 2019, it was discovered that the Israeli government was consistently exploiting a slight flaw in audio calling to inject Pegasus spyware.
Hungry for more? Join me each week, where I'll break down complex topics and dissect the latest news within the cybersecurity industry and blockchain ecosystem, simplifying the tech world.
Komentáře