Remote Code Execution Vulnerabilities in WhatsApp

Published on 28 Sep 2022

Updated on 28 Sep 2022

WhatsApp has released an update to address two remote code execution vulnerabilities (CVE-2022-36934 and CVE-2022-27492) affecting their mobile application. Currently, there are no reports of active exploitation of these vulnerabilities.

The vulnerabilities are as follows:

  • CVE-2022-36934 - An integer overflow vulnerability in the WhatsApp Video Call Handler component. An attacker could exploit it during a video call with a targeted user and take complete control of that user's WhatsApp application.
  • CVE-2022-27492 - An integer underflow vulnerability in the WhatsApp Video File Handler component. An attacker could exploit it by sending a specially crafted video file to a targeted user and convincing the user to play it.
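Both issues above belong to one bug class: length arithmetic on attacker-controlled media fields that wraps around the 32-bit range, so a buffer is sized from a wrong value. The following C program is an added illustration of that class and its standard mitigation; it is not WhatsApp's code, and the 16-byte chunk header with a little-endian length field, the function names, and the sample chunks are all constructed for this example. It shows an unchecked add (overflow) and an unchecked subtract (underflow) next to checked versions, and a parser that also compares the declared length with the bytes actually received.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical chunk layout (an assumption for this example, not a real
 * WhatsApp or codec format): a fixed 16-byte header whose first four bytes
 * hold the payload length, little-endian, followed by the payload. */
#define HDR_LEN 16u

/* Unchecked addition: HDR_LEN + payload_len wraps past UINT32_MAX, so a
 * huge declared length yields a tiny total (integer overflow). A buffer
 * sized from this result is far too small for the payload copied into it. */
uint32_t unchecked_total_size(uint32_t payload_len)
{
    return HDR_LEN + payload_len;
}

/* Unchecked subtraction: total_len - HDR_LEN wraps to a huge value when
 * total_len is smaller than the header (integer underflow), so a copy
 * loop driven by it reads far beyond the real data. */
uint32_t unchecked_payload_size(uint32_t total_len)
{
    return total_len - HDR_LEN;
}

/* Checked addition: refuse any payload_len whose sum with HDR_LEN would
 * not fit in 32 bits. Returns false instead of a wrapped value. */
bool checked_total_size(uint32_t payload_len, uint32_t *out)
{
    if (payload_len > UINT32_MAX - HDR_LEN)
        return false;
    *out = HDR_LEN + payload_len;
    return true;
}

/* Checked subtraction: refuse any total_len shorter than the header. */
bool checked_payload_size(uint32_t total_len, uint32_t *out)
{
    if (total_len < HDR_LEN)
        return false;
    *out = total_len - HDR_LEN;
    return true;
}

/* Parse one chunk from a received buffer. Every arithmetic step is
 * checked and the declared length is compared against the bytes actually
 * received. Returns the payload length, or -1 on any inconsistency
 * (the caller should drop the chunk). */
int64_t parse_chunk(const uint8_t *buf, size_t buf_len)
{
    uint32_t declared, total;

    if (buf_len < HDR_LEN)                       /* not even a full header */
        return -1;

    declared = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) |
               ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);

    if (!checked_total_size(declared, &total))   /* sum would wrap */
        return -1;
    if (total > buf_len)                         /* declared more than received */
        return -1;
    return (int64_t)declared;
}

/* Build a constructed chunk: header carrying `declared`, zero padding,
 * then `payload_bytes` bytes of payload. Returns bytes written, 0 if the
 * destination is too small. */
size_t build_chunk(uint8_t *dst, size_t cap, uint32_t declared, size_t payload_bytes)
{
    size_t n = HDR_LEN + payload_bytes;
    if (n > cap)
        return 0;
    for (size_t i = 0; i < n; i++)
        dst[i] = 0;
    dst[0] = (uint8_t)declared;
    dst[1] = (uint8_t)(declared >> 8);
    dst[2] = (uint8_t)(declared >> 16);
    dst[3] = (uint8_t)(declared >> 24);
    return n;
}

int main(void)
{
    uint8_t buf[64];
    size_t n;

    /* Constructed well-formed chunk: 4 bytes declared, 4 bytes present. */
    n = build_chunk(buf, sizeof buf, 4u, 4);
    printf("well-formed chunk: payload = %lld\n", (long long)parse_chunk(buf, n));

    /* Constructed hostile chunk: declared length close to UINT32_MAX. */
    n = build_chunk(buf, sizeof buf, 0xFFFFFFF8u, 4);
    printf("unchecked total for 0xFFFFFFF8: %u (wrapped)\n",
           (unsigned)unchecked_total_size(0xFFFFFFF8u));
    printf("checked parse of the same chunk: %lld\n", (long long)parse_chunk(buf, n));

    printf("unchecked payload for total 4: %u (wrapped)\n",
           (unsigned)unchecked_payload_size(4u));
    return 0;
}
```

The two checks in `parse_chunk` are the ones a reviewer looks for in any media parser: arithmetic on a length field must be proven not to wrap before the result is used for allocation or copying, and the declared length must be bounded by the data actually in hand rather than trusted from the file or the call peer. Compilers and sanitizers help here as well: building the unchecked functions with `-fsanitize=unsigned-integer-overflow` (clang) or reviewing them under UBSan and fuzzing the parser with oversized length fields surfaces this class before it ships.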

The following versions of WhatsApp are affected by CVE-2022-36934:

  • WhatsApp for iOS and Android prior to v2.22.16.12
  • WhatsApp Business for iOS and Android prior to v2.22.16.12

The following versions of WhatsApp are affected by CVE-2022-27492:

  • WhatsApp for Android prior to v2.22.16.2
  • WhatsApp for iOS v2.22.15.9

Users of affected WhatsApp versions are advised to update to the latest versions immediately. Users are also encouraged to enable automatic updates (if available) in the iOS App Store and Android Play Store so that their applications are updated promptly.

References:

https://www.whatsapp.com/security/advisories/2022/?lang=en

https://www.malwarebytes.com/blog/news/2022/09/critical-whatsapp-vulnerabilities-patched-check-youve-updated