Table of Contents
  • Home
  • /
  • Blog
  • /
  • How to Patch These Two RCE Vulnerabilities in WhatsApp
September 29, 2022

How to Patch These Two RCE Vulnerabilities in WhatsApp

How To Patch These Two Rce Vulnerabilities In Whatsapp

WhatsApp’s internal security team has published a security advisory. According to its security advisory, it addressed both vulnerabilities CVE-2022-36934 and CVE-2022-27492that might allow an attacker to perform remote code execution on the iOS and Android devices on which vulnerable versions of WhatApp is running. Since these vulnerabilities allow attackers to get remote access to a device and issue commands from a distance and could cause undesirable behavior, unexpected crashes, and memory corruption issues, it is worth knowing how to patch these two RCE vulnerabilities in WhatsApp.

Summary of CVE-2022-36934:

WhatsApp discovered the CVE-2022-36934 vulnerability as an integer overflow in WhatsApp. The severity level for this weakness is assessed as 9.8 out of 10. This occurs when an application tries to carry out a computational activity but does not have enough capacity in the memory allocated to it. This causes the data to spill out and overwrite other sections of the memory on the system with possibly harmful code.

A malicious advisory might take total control of the victim’s WhatsApp app by exploiting this integer overflow vulnerability in WhatsApp’s Video Call Handlercomponent during a video call. Malwarebytes has published few technical details on these flaws. Visit their post to read.

Summary of CVE-2022-27492:

This is an integer underflow vulnerability discovered by WhatsApp this week. It is assessed as “severe” with a CVSS score of 7.8 out of 10. It might enable hackers to launch malicious scripts on a victim’s iOS and Android devices when the hacker sends the victim a malicious video file.

WhatsApp Versions Affected by These Flaws:

These vulnerabilities impact WhatsApp users on both Android and iOS, so we recommend every WhatsApp user to take a look at this post since this post covered how to fix RCE vulnerabilities in WhatsApp.

 The versions of WhatsApp are susceptible to at least one of the vulnerabilities are as follows:

  1. WhatsApp for Android versions prior to and including v2.22.16.12.

  2. WhatsApp Business for Android versions prior to and including v2.22.16.12.

  3. WhatsApp for iOS versions prior to and including v2.22.16.12.

  4. WhatsApp Business for iOS versions prior to and including v2.22.16.12.

Both vulnerabilities impact versions of WhatsApp for Android that are older than v2.22.16.2 and WhatsApp for iOS that are older than v2.22.15.9.

How to Patch These Two RCE Vulnerabilities in WhatsApp?

Since the WhatsApp security team has discovered the RCE vulnerabilities in Whatsapp well on time and took every measure to secretly patch them, there are greater chances that your version of WhatsApp already has the latest update. However, it’s still better to check if you’re protected or not. 

To Patch WhatsApp on iOS:

  1. Visit the App Store on your iPhone and then tap the Updates button once you’re there. 

  2. When you find the WhatsApp app, select it and then hit the Update icon. 

  3. After that, the update should begin installing on your phone automatically.

To Patch WhatsApp on Android:

You may access the Play Store from your Android device by pressing the menu button and then choosing the appropriate option from the resulting drop-down menu. 

  • Select the My applications and games menu

  • Tap WhatsApp Messenger.

  • Finally, select the Update option.

How to Check the Version Info of Your WhatsApp?

If you are not sure which version of WhatsApp is running on your iOS and Android. You can get the version info from its ‘Help’ section.

  1. Open WhatsApp Messenger.

  2. Click on Options.

  3. Select Settings.’

  4. Select ‘Help’.

  5. Tap ‘App Info’.

How to Upgrade Your WhatsApp to the Latest Version?

We hope this post would help you know how to patch these two RCE vulnerabilities in WhatsApp. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblrMedium & Instagram, and subscribe to receive updates like this. 

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Application Security

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.



View All

Learn Something New with Free Email subscription