WhatsApp discloses critical bug in older versions, now patched


New Delhi, Sep 27 (IANS): Meta-owned WhatsApp has revealed a critical bug that could affect older installations on various devices that have not been updated with latest software versions.

The vulnerability could allow an attacker to exploit a code error known as an integer overflow.

"An integer overflow in WhatsApp for Android prior to v2.22.16.12, Business for Android prior to v2.22.16.12, iOS prior to v2.22.16.12, Business for iOS prior to v2.22.16.12 could result in remote code execution in an established video call," WhatsApp said in an update.

In remote code execution, a hacker can remotely execute commands on someone else's computing device.

Remote code executions (RCEs) usually occur due to malicious malware downloaded by the host and can happen regardless of the device's geographic location.

The recently disclosed vulnerability has been called CVE-2022-36934, with a severity score of 9.8 out of 10 on the CVE scale.

WhatsApp also revealed details of another bug that could have caused remote code execution when receiving a crafted video file.

Both of these vulnerabilities have been patched in the latest versions of WhatsApp.

WhatsApp on Monday announced it was rolling out Call Links to make it easier to start and join a call in just one tap.

The company also started testing secured and encrypted group video calls for up to 32 people on WhatsApp.

 

  

Top Stories


Leave a Comment

Title: WhatsApp discloses critical bug in older versions, now patched



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.