A serious security flaw in WhatsApp’s Android app may allow attackers to remotely install malware on users’ phones during video calls, according to information given by the company.

The messaging service provided information on a critical flaw, CVE-2022-36934, which WhatsApp identified as an integer overflow bug and which has a severity rating of 9.8 out of 10.

The serious flaw, according to The Verge, would enable an attacker to send a specially crafted video call to a victim and then execute their own code on the victim’s smartphone by taking advantage of a programming fault known as an integer overflow.

Remote code execution vulnerabilities are a crucial step in installing malware, spyware, or other harmful software on a target system. With this access, attackers can employ methods like privilege escalation attacks to further compromise the system.

The flaw is comparable to a 2019 problem that WhatsApp blamed on Israeli spyware manufacturer NSO Group, which it said targeted the phones of 1,400 victims, including journalists, human rights activists, and other civilians.

The attack at the time took advantage of a flaw in WhatsApp’s audio calling feature, which let the caller install spyware on a victim’s device whether the call was answered or not.

This week, WhatsApp also provided information about a different vulnerability, CVE-2022-27492, in the same security advisory update. The flaw, which would allow attackers to execute malware after uploading a malicious video clip, has been given a “high” severity rating of 7.8 out of 10.

Both of these flaws have been corrected, according to The Verge, in recently updated versions of WhatsApp and should be fixed in any installation of the application that is set to update automatically.
