Cybersecurity WhatsApp Issues Important Security Fix—Check Your App Version Now Kate O’Flaherty Senior Contributor Opinions expressed by Forbes Contributors are their own. Straight Talking Cyber Following New! Follow this author to stay notified about their latest stories. Got it! Sep 29, 2022, 12:14pm EDT | New! Click on the conversation bubble to join the conversation Got it! Share to Facebook Share to Twitter Share to Linkedin WhatsApp has issued an important fix for two serious security vulnerabilities.
Here’s how to check you are protected. WhatsApp has issued a fix for two serious security vulnerabilities. Here’s how to check you are .
. . [+] protected.
Getty Images Secure messaging app WhatsApp has issued an important fix for a security vulnerability that could allow an attacker to plant malware while you’re on a video call. Tracked as CVE-2022-36934 , the flaw is an integer overflow issue in WhatsApp for Android and iOS that could result in remote code execution in a video call, WhatsApp said in security advisory . The WhatsApp security flaw is serious—with a severity rating of 9.
8 it is rated as “critical. ” Meanwhile, WhatsApp released details of another bug fix tracked as CVE-2022-27492 —an integer underflow flaw in WhatsApp for Android prior to v2. 22.
16. 2 and WhatsApp for iOS v2. 22.
15. 9 that could cause remote code execution when the victim receives a crafted video file. WhatsApp told me that the now patched security issues were discovered internally and “there was no evidence of exploitation.
” In other words, WhatsApp patched the issues before attackers could get hold of the details. MORE FOR YOU iOS 15: Apple Issues 22 Important iPhone Security Updates Widely-Used Hikvision Security Cameras Vulnerable To Remote Hijacking iOS 15 Is Available Now With These Stunning New iPhone Privacy Features Analysis of the WhatsApp vulnerabilities WhatsApp hasn’t published any more details about the patched issues, but security researchers have analysed the data. Security firm Malwarebytes describes CVE-2022-36934 in a blog : “This RCE bug affects a piece of code in the WhatsApp component Video Call Handler, which allows an attacker to manipulate the bug to trigger a heap-based buffer overflow and take complete control of WhatsApp Messenger.
” Meanwhile, CVE-2022-27492 affects an unspecified code block of the component Video File Handler. “The manipulation with an unknown input leads to a memory corruption vulnerability,” Malwarebytes explained, adding that to exploit this vulnerability, attackers “would have to drop a crafted video file on the user’s WhatsApp messenger and convince the user to play it. ” Make sure you are using the latest version of WhatsApp “The vulnerabilities were found by the WhatsApp internal security team and silently fixed, so there is a good chance that your WhatsApp has already been updated,” says Malwarebytes’ Pieter Arntz.
However, it never hurts to check. If you have an iPhone, go to the App Store > Updates and tap the Update button next to the app. Also check you are updated to either iOS 15.
7 or iOS 16 , as these updates fix serious iPhone security issues. For Android users, go to the Play Store menu button. Under My apps and games, tap Update next to WhatsApp.
In general, be careful of any WhatsApp messages from people you don’t know. There are many scammers on WhatsApp, and the app has been targeted in spyware attacks. Follow me on Twitter or LinkedIn .
Kate O’Flaherty Editorial Standards Print Reprints & Permissions.
From: forbes
URL: https://www.forbes.com/sites/kateoflahertyuk/2022/09/29/whatsapp-issues-important-security-fix-check-your-app-version-now/