
WhatsApp Fixed Critical RCE Flaws (CVE-2022-36934 & CVE-2022-27492)

WhatsApp heap-based overflow on iOS/Android Video Call

Two security vulnerabilities have been found in WhatsApp, both classified as critical. This vulnerability affects unknown code in the Video Call Handler component. The manipulation leads to a heap-based buffer overflow.

WhatsApp released security advisories for both flaws:

An integer overflow in WhatsApp for Android prior to v2.22.16.12, Business for Android prior to v2.22.16.12, iOS prior to v2.22.16.12, Business for iOS prior to v2.22.16.12 could result in remote code execution in an established video call.

An integer underflow in WhatsApp for Android prior to v2.22.16.2, and WhatsApp for iOS v2.22.15.9 could have caused remote code execution when receiving a crafted video file.

It is not yet clear whether an attack can be initiated remotely, and at the time of writing there was no exploit available.

It is highly recommended to update your WhatsApp apps from the respective app store.
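To check a device inventory against the version bounds in the two advisories above, the following is an added example (not from WhatsApp or the original post). The inventory rows are constructed, and treating iOS v2.22.15.9 itself as affected by the underflow is an assumption drawn from the advisory wording, which omits "prior to" for that build.

```python
# Added example: flag installed WhatsApp builds against the advisory bounds.
# Versions are compared as integer tuples, because a plain string compare
# ranks "2.22.16.2" above "2.22.16.12" and would miss an affected build.

def parse_version(text):
    """'v2.22.16.12' -> (2, 22, 16, 12)"""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))

OVERFLOW = "integer overflow (video call)"
UNDERFLOW = "integer underflow (video file)"

# (issue, platform, affected apps, version bound, bound itself affected?)
RULES = [
    (OVERFLOW, "android", {"whatsapp", "business"}, "2.22.16.12", False),
    (OVERFLOW, "ios", {"whatsapp", "business"}, "2.22.16.12", False),
    (UNDERFLOW, "android", {"whatsapp"}, "2.22.16.2", False),
    # Assumption: the advisory names iOS v2.22.15.9 without "prior to",
    # so that build and anything older is treated as affected here.
    (UNDERFLOW, "ios", {"whatsapp"}, "2.22.15.9", True),
]

def affected_by(platform, app, version):
    """Return the list of advisory issues that apply to one installed build."""
    installed = parse_version(version)
    hits = []
    for issue, rule_platform, apps, bound, inclusive in RULES:
        if platform.lower() != rule_platform or app.lower() not in apps:
            continue
        limit = parse_version(bound)
        if installed < limit or (inclusive and installed == limit):
            hits.append(issue)
    return hits

# Constructed sample inventory: (platform, app, installed version)
INVENTORY = [
    ("android", "whatsapp", "2.22.16.2"),
    ("android", "business", "2.22.16.1"),
    ("ios", "whatsapp", "2.22.15.9"),
    ("ios", "whatsapp", "v2.22.16.12"),
]

def report(inventory=INVENTORY):
    """Map each inventory row to the issues it is still exposed to."""
    return {row: affected_by(*row) for row in inventory}

if __name__ == "__main__":
    for row, issues in report().items():
        print(row, "->", ", ".join(issues) if issues else "at or past both fixed builds")
```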


Written by SH
