WhatsApp reveals security bug that put users’ data at risk

WhatsApp has shared details of a critical “security bug” affecting its Android app that could allow attackers to remotely plant malware on users’ phones during video calls.

The messaging app mentioned the details of a critical vulnerability, known as CVE-2022-36934 with a severity rating of 9.8 out of 10, described by WhatsApp as an integer overflow bug.

According to The Verge, the critical bug would allow an attacker to exploit a code error known as an integer overflow, letting them execute their own code on a victim’s smartphone after sending a specially crafted video call.

Remote code execution vulnerabilities are a key step in installing malware, spyware, or other malicious applications on a target system, as they give attackers a foot in the door that can be used to further compromise the machine using techniques like privilege escalation attacks.

The vulnerability is similar to a 2019 bug, wherein WhatsApp blamed on Israeli spyware maker NSO Group to target 1,400 victims’ phones, including journalists, human rights defenders, and other civilians.

At that time, the attack leveraged a bug in WhatsApp’s audio calling feature that allowed the caller to plant spyware on a victim’s device, regardless of whether the call was picked or not.

In the same security advisory update, WhatsApp also disclosed this week details of another vulnerability, CVE-2022-27492. The bug has been rated “high” in severity at 7.8 out of 10 which would let attackers execute code after sending a malicious video file.

As per The Verge, both of these vulnerabilities are patched in recently updated versions of WhatsApp and should already be fixed in any installation of the app that is set to automatically update.

Catch all the Technology News and Updates on Live Mint.
Download The Mint News App to get Daily Market Updates & Live Business News.

More
Less

Subscribe to Mint Newsletters

* Enter a valid email

* Thank you for subscribing to our newsletter.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.