A new WhatsApp vulnerability has been reported by the instant messaging application owned by Meta. Indian cyber security nodal agency CERT-In has also issued a high security alert, warning users about the possibility of data being lost or compromised to a malicious actor.
notification The vulnerability, released by WhatsApp and Indian cyber security agency CERT-In, claims that the vulnerability affected WhatsApp for Android and iOS prior to v22.214.171.124.
How can the WhatsApp bug be misused?
The government agency claims that several vulnerabilities have been reported in WhatsApp, which can be exploited by a remote attacker to execute arbitrary code on the targeted system.
The agency claims that this vulnerability exists in WhatsApp due to integer overflow. This means that anyone can execute the code remotely via video call.
A malicious actor can take control by sending a specially crafted video file. Which would let them execute arbitrary code.
In remote code execution, a hacker can execute commands remotely on someone else’s computing device.
Remote code execution (RCE) is usually caused by malicious malware downloaded by the host and can occur regardless of the geographic location of the device. The recently revealed vulnerability has been called CVE-2022-36934, with a severity score of 9.8 out of 10 on the CVE scale.
What should you do?
Both these vulnerabilities have been patched in the latest version of WhatsApp. The user just needs to ensure that they have updated to the latest version of the application.
Post Government agency warns of dangerous WhatsApp bug affecting Android, iOS devices: Did it instantly first spotted on BGR India.