WhatsApp fixes ‘vital’ safety bug that put Android cellphone information in danger • TechCrunch

WhatsApp has revealed particulars of a “vital”-rated safety vulnerability affecting its Android app that might enable attackers to remotely plant malware on a sufferer’s smartphone throughout a video name.

Particulars of the flaw, tracked as CVE-2022-36934 with an assigned severity ranking of 9.8 out of 10, is described by WhatsApp as an integer overflow bug. This occurs when an app tries to carry out a computational course of however has no area in its allotted reminiscence, inflicting the info to spill out and overwrite different elements of the system’s reminiscence with probably malicious code.

WhatsApp didn’t share any additional particulars in regards to the bug. However safety analysis agency Malwarebytes stated in its personal technical evaluation that the bug is present in a WhatsApp app part known as “Video Name Handler,” which if triggered would enable an attacker to take full management of a sufferer’s app.

When reached for remark, WhatsApp didn’t instantly say if it has proof of energetic exploitation or if the vulnerabilities had been found in-house.

The critical-rated reminiscence vulnerability is much like a 2019 bug, which WhatsApp in the end blamed on Israeli spy ware maker NSO Group in 2019 for utilizing to focus on 1,400 victims’ telephones, together with journalists, human rights defenders, and different civilians. The assault leveraged a bug in WhatsApp’s audio calling characteristic that allowed the caller to plant spy ware on a sufferer’s system, no matter whether or not the decision was answered.

WhatsApp additionally disclosed this week particulars of one other vulnerability, CVE-2022-27492, rated “excessive” in severity at 7.8 out of 10, which might enable hackers to run malicious code on a sufferer’s iOS system after sending a malicious video file.

“The manipulation with an unknown enter results in a reminiscence corruption vulnerability,” stated Pieter Arntz, an intelligence researcher at Malwarebytes. “To take advantage of this vulnerability, attackers must drop a crafted video file on the person’s WhatsApp messenger and persuade the person to play it.”

Each flaws are patched within the newest variations of WhatsApp. Replace right now.