WhatsApp has published on its official blog information about two vulnerabilities main found in outdated versions of the application.
This means that the company responsible for the Messenger Service I was already aware of the issues and fixed them, but if the user is not using the latest version of the platform, you should update it as soon as possible.
What are these WhatsApp vulnerabilities
The first vulnerability, tracked as CVE-2022-36934 with a severity rating of 9.8/10 (critical), consists of a integer Overflow, a common mistake that basically consists of trying to add a value to an integer variable.
What does this mean? In the messaging service application owned by Goalthat there is an integer overflow means that the attacker will send a call, which opens the door to remote attacks that could lead to the installation of malware in the operating system of a user.
And to note, a malware is capable of performing many actions on an infected computer, such as:
– Record keystrokes or keylogging to search for credentials and other sensitive data;
– Intercept communications in any social media app
– Record calls
– Take photos
– Steal user credentials.
The second vulnerability, tracked as CVE-2022-27492 and rated 7.8/10 (High), allows attackers to execute remote code after send a malicious video file.
Unfortunately, media files have been one of the most widely used tools for spreading malware for years, and the reality is that unless staff are fooled, malicious actors are not successful in many cases.
However, the great freedoms that the system of Google can make someone use a custom ROM and thus getting the installer from APK manually. So in this case, WhatsApp also recommends uninstalling and reinstalling the app if the APK file doesn’t work directly with the update.
What versions of WhatsApp are in danger and how to update it
Both vulnerabilities were recently patched, so TechMarkup recommends completing the update process as soon as possible.
In the case of vulnerability to video call (CVE-2022-36934), the vulnerable WhatsApp versions are:
– For iOS earlier than version v220.127.116.11
– Business for iOS older than v18.104.22.168
– For Android older than version v22.214.171.124
– Business for Android older than v126.96.36.199
In the case of vulnerability before sending a malicious video (CVE-2022-27492), the vulnerable WhatsApp versions are:
– WhatsApp for Android older than v188.8.131.52
– WhatsApp for iOS v184.108.40.206
both in Android and iOSfor to update the messaging application you have to go to the application store (Google Play Store Y app storerespectively) and continue with the current or latest available update.
Keys to detect if a cell phone is infected by malware
– Abnormal phone performance: menus and apps that close, applications that are installed without permission, settings that change themselves, among others.
– Excessive battery consumption: From Settings > Battery, you can see which process is using a lot of battery. If the app in question is not used or is a strange app, the phone could be infected.
– Excessive spending of data: Viruses often send data from your phone to their servers, so you may notice an increase in data from one day to the next. It can also be checked from Settings.
– Advertising where there should not be: If the phone shows more ads than normal and, especially, it does so in browsers where there were none before, you may have a problem. ‘adware’ (malware but in ads).