3.2 C
London
Wednesday, December 7, 2022

WhatsApp reveals critical vulnerability in older app versions

Must read

San Francisco votes to end policy that allows police to deploy lethal robots

SAN FRANCISCO — San Francisco regulators voted Tuesday to put the brakes on a controversial policy that would have allowed police to use robots...

American Battery Factory’s first ‘gigafactory’ centimeters closer to reality • londonbusinessblog.com

American Battery Factory's grand plan to build a bunch of, er, U.S. battery factories was shaken Tuesday when Tucson, Arizona, the company go ahead...

Valuations of fintech unicorns have fallen sharply in 2022

Fintech was hot in 2021, but looking back… maybe too hot? The industry exploded last year, seeing record investment — $132 billion worldwide, according to...

The state of capital unfolded

At Startup Daily's recent 2023 Tech Playbook From Idea to Unicorn event, our expert panel discussed the state of capital from pre-seed to IPOs. There's...
Shreya Christinahttps://londonbusinessblog.com
Shreya has been with londonbusinessblog.com for 3 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider londonbusinessblog.com team, Shreya seeks to understand an audience before creating memorable, persuasive copy.

Illustration by Alex Castro / The Verge

WhatsApp has published details of a “critical” vulnerability that has been patched in a newer version of the app, but may still affect older installations that have not been updated.

Details were disclosed in a September update to the WhatsApp page on security advisories that affect the app and came to light on September 23.

The critical bug would allow an attacker to exploit a code flaw known as an integer overflow, allowing them to run their own code on a victim’s smartphone after sending a specially crafted video call. Remote code execution vulnerabilities are an important step in installing malware, spyware or other malicious applications on a target system as they give attackers a foot in the door that can be used to further compromise the machine using techniques such as privilege escalation attacks.

The recently revealed vulnerability has been given the identification number CVE-2022-36934 in the National Vulnerability Database and received a severity score of 9.8 out of 10 on the CVE scale. This corresponds to the highest possible threat level: ‘critical’.

In the same security advisory update, WhatsApp also shared details about another vulnerability: CVE-2022-27492 — which allows attackers to execute code after sending a malicious video file. This vulnerability was rated 7.8 out of 10, or a severity level of ‘high’.

Both vulnerabilities have been patched in recently updated versions of WhatsApp and should already be fixed in any installation of the app that is set to update automatically (the default on most phones). According to the security advisory, the vulnerabilities affect:

  • WhatsApp for Android before v2.22.16.12
  • WhatsApp Business for Android older than v2.22.16.12
  • WhatsApp for iOS before v2.22.16.12
  • WhatsApp Business for iOS before v2.22.16.12

In addition to protecting against possible hacking exploits, there are even more reasons to keep your WhatsApp installation up to date. On Monday, the company announced it was rolling out a new feature that allows users to share a one-click link to join a group conversation and also test the implementation of 32-person encrypted video chats.

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

San Francisco votes to end policy that allows police to deploy lethal robots

SAN FRANCISCO — San Francisco regulators voted Tuesday to put the brakes on a controversial policy that would have allowed police to use robots...

American Battery Factory’s first ‘gigafactory’ centimeters closer to reality • londonbusinessblog.com

American Battery Factory's grand plan to build a bunch of, er, U.S. battery factories was shaken Tuesday when Tucson, Arizona, the company go ahead...

Valuations of fintech unicorns have fallen sharply in 2022

Fintech was hot in 2021, but looking back… maybe too hot? The industry exploded last year, seeing record investment — $132 billion worldwide, according to...

The state of capital unfolded

At Startup Daily's recent 2023 Tech Playbook From Idea to Unicorn event, our expert panel discussed the state of capital from pre-seed to IPOs. There's...

Apple will use American-made chips from TSMC’s new Phoenix factory

Apple plans to use US-made processors after opening a state-of-the-art new chip factory in Phoenix, Arizona.For the plant's customers, including AMD and NVIDIA, the...