WhatsApp has issued fixes for two security vulnerabilities impacting its app, one of which has been given a "critical" rating, according to TechCrunch.
Threat actors could exploit the critical integer overflow flaw, tracked as CVE-2022-36934 and found within WhatsApp's Video Call Handler component, to take over the app completely, according to Malwarebytes. The bug, for which there is "no evidence of exploitation," resembles a vulnerability in WhatsApp's audio calling feature, discovered in 2019, that had been abused to target the devices of 1,400 individuals.
Meanwhile, the high-severity flaw, tracked as CVE-2022-27492, could be exploited by attackers to run malicious code on an iOS device after delivering a malicious video file.
"The manipulation with an unknown input leads to a memory corruption vulnerability. To exploit this vulnerability, attackers would have to drop a crafted video file on the user's WhatsApp messenger and convince the user to play it," said Malwarebytes intelligence researcher Pieter Arntz.
Immediate updates have been advised for WhatsApp users.