WhatsApp’s internal security team has published a security advisory. According to its security advisory, it addressed both vulnerabilities CVE-2022-36934 and CVE-2022-27492that might allow an attacker to perform remote code execution on the iOS and Android devices on which vulnerable versions of WhatApp is running. Since these vulnerabilities allow attackers to get remote access to a device and issue commands from a distance and could cause undesirable behavior, unexpected crashes, and memory corruption issues, it is worth knowing how to patch these two RCE vulnerabilities in WhatsApp.
Summary of CVE-2022-36934:
WhatsApp discovered the CVE-2022-36934 vulnerability as an integer overflow in WhatsApp. The severity level for this weakness is assessed as 9.8 out of 10. This occurs when an application tries to carry out a computational activity but does not have enough capacity in the memory allocated to it. This causes the data to spill out and overwrite other sections of the memory on the system with possibly harmful code.
A malicious advisory might take total control of the victim’s WhatsApp app by exploiting this integer overflow vulnerability in WhatsApp’s Video Call Handlercomponent during a video call. Malwarebytes has published few technical details on these flaws. Visit their post to read.
Summary of CVE-2022-27492:
This is an integer underflow vulnerability discovered by WhatsApp this week. It is assessed as “severe” with a CVSS score of 7.8 out of 10. It might enable hackers to launch malicious scripts on a victim’s iOS and Android devices when the hacker sends the victim a malicious video file.
WhatsApp Versions Affected by These Flaws:
These vulnerabilities impact WhatsApp users on both Android and iOS, so we recommend every WhatsApp user to take a look at this post since this post covered how to fix RCE vulnerabilities in WhatsApp.
The versions of WhatsApp are susceptible to at least one of the vulnerabilities are as follows:
- WhatsApp for Android versions prior to and including v22.214.171.124.
- WhatsApp Business for Android versions prior to and including v126.96.36.199.
- WhatsApp for iOS versions prior to and including v188.8.131.52.
- WhatsApp Business for iOS versions prior to and including v184.108.40.206.
Both vulnerabilities impact versions of WhatsApp for Android that are older than v220.127.116.11 and WhatsApp for iOS that are older than v18.104.22.168.
How to Patch These Two RCE Vulnerabilities in WhatsApp?
Since the WhatsApp security team has discovered the RCE vulnerabilities in Whatsapp well on time and took every measure to secretly patch them, there are greater chances that your version of WhatsApp already has the latest update. However, it’s still better to check if you’re protected or not.
To Patch WhatsApp on iOS:
- Visit the App Store on your iPhone and then tap the Updates button once you’re there.
- When you find the WhatsApp app, select it and then hit the Update icon.
- After that, the update should begin installing on your phone automatically.
To Patch WhatsApp on Android:
You may access the Play Store from your Android device by pressing the menu button and then choosing the appropriate option from the resulting drop-down menu.
- Select the My applications and games menu
- Tap WhatsApp Messenger.
- Finally, select the Update option.
How to Check the Version Info of Your WhatsApp?
If you are not sure which version of WhatsApp is running on your iOS and Android. You can get the version info from its ‘Help’ section.
- Open WhatsApp Messenger.
- Click on Options.
- Select Settings.’
- Select ‘Help’.
- Tap ‘App Info’.
How to Upgrade Your WhatsApp to the Latest Version?
- Find WhatsApp Messenger for Android in the Google Play Store, then tap Update.
- Find WhatsApp Messenger for iPhone in the Apple App Store, then tap Update.
We hope this post would help you know how to patch these two RCE vulnerabilities in WhatsApp. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.