WhatsApp has published details of a "critical"-rated security vulnerability. The vulnerability reportedly affected the Android version of the app and allowed attackers to plant malware remotely during a video call.
WhatsApp Vulnerability CVE-2022-36934 Gained a Severity Rating of 9.8 Out of 10
According to the story by TechCrunch, the WhatsApp vulnerability is tracked as CVE-2022-36934 and received an extremely high severity rating because of how dangerous it could be for Android users.
The vulnerability was rated 9.8 out of 10, and WhatsApp described it as an integer overflow bug. An integer overflow happens when the app "tries to perform a computational process" but has no space in its allotted memory for the result.
Malwarebytes Released a Technical Analysis of the Vulnerability
This results in the data spilling out, allowing other parts of the system's memory to be overwritten with code that could be malicious. The company shared no further details about the bug.
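The bug class described above, as an added example that is not WhatsApp's code and does not reflect the undisclosed details of CVE-2022-36934: a size calculation that wraps around in 32 bits, next to a checked version a decoder should use before allocating. The frame header, its field names and the limits are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical frame header received from a remote peer (illustrative names). */
struct frame_hdr { uint32_t width, height, bytes_per_pixel; };

/* Unsafe: 32-bit multiplication wraps modulo 2^32, so the computed size can be
   far smaller than the amount of pixel data that is later copied. */
static uint32_t frame_size_unchecked(const struct frame_hdr *h)
{
    return h->width * h->height * h->bytes_per_pixel;
}

/* Assumed limits for this example; a real decoder takes them from its codec. */
#define MAX_DIM        8192u
#define MAX_BPP        8u
#define MAX_FRAME_SIZE (64u * 1024u * 1024u)

/* Hardened: bound every field, multiply in 64 bits, cap the total, then narrow. */
static bool frame_size_checked(const struct frame_hdr *h, size_t *out)
{
    if (h->width == 0 || h->height == 0 || h->bytes_per_pixel == 0)
        return false;
    if (h->width > MAX_DIM || h->height > MAX_DIM || h->bytes_per_pixel > MAX_BPP)
        return false;
    uint64_t total = (uint64_t)h->width * h->height * h->bytes_per_pixel;
    if (total > MAX_FRAME_SIZE)
        return false;
    *out = (size_t)total;
    return true;
}

int main(void)
{
    /* Constructed inputs: the first header's true size is 2^32 + 4 bytes. */
    struct frame_hdr bad = { 0x40000001u, 1u, 4u };
    struct frame_hdr ok  = { 1280u, 720u, 4u };
    size_t n = 0;
    bool bad_accepted = frame_size_checked(&bad, &n);
    bool ok_accepted  = frame_size_checked(&ok, &n);
    printf("unchecked size, oversized header: %u bytes\n",
           (unsigned)frame_size_unchecked(&bad));
    printf("checked: oversized accepted=%d, normal accepted=%d (size %zu)\n",
           bad_accepted, ok_accepted, n);
    return 0;
}
```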
Malwarebytes, a security research firm, carried out its own technical analysis, which located the bug in a WhatsApp component known as the "Video Call Handler."
WhatsApp Spokesperson Says that There is No Evidence of Exploitation
If triggered, the bug would allow attackers to take complete control of the victim's app. TechCrunch reached out to WhatsApp for comment, but according to Joshua Breckman, the company had not seen "evidence of exploitation."
Breckman also told the publication that the bugs were discovered in-house. The bug was reportedly similar to a critical-rated memory vulnerability from 2019.
Recent Vulnerability had Similarities with Another 2019 Vulnerability
After the 2019 vulnerability, WhatsApp blamed the NSO Group for targeting the phones of 1,400 victims, including journalists, civilians, and even human rights defenders.
That attack similarly took advantage of the victim's audio calling feature, which let the attackers plant spyware whether or not the call was answered. WhatsApp also disclosed details of another vulnerability with a lower severity rating that was still high.
How the Previous Vulnerability, CVE-2022-27492, Worked
The recently disclosed vulnerability, CVE-2022-27492, received a severity rating of 7.8 out of 10, which classifies it as "high." It would allow hackers to run malicious code on the victim's iOS device after a malicious video file was sent.
As per TechCrunch, both flaws have already been patched in the latest WhatsApp version. To protect themselves from the vulnerabilities, users will have to update their app to the patched version.
This article is owned by Tech Times
Written by Urian B.