304 North Cardinal St.
Dorchester Center, MA 02124
Meta-owned WhatsApp has revealed a critical bug that could affect older installations on various devices that have not been updated with the latest software versions.
This vulnerability could allow an attacker to exploit a code flaw known as integer overflow.
“An integer overflow in WhatsApp for Android before v18.104.22.168, Business for Android before v22.214.171.124, iOS before v126.96.36.199, Business for iOS before v188.8.131.52 can result in remote code execution in of an established video call,” WhatsApp said in an update.
With remote code execution, a hacker can remotely execute commands on someone else’s computer device.
Remote code execution (RCE) usually occurs as a result of malicious malware downloaded by the host and can occur regardless of the device’s geographic location.
The recently disclosed vulnerability was named CVE-2022-36934 with a severity score of 9.8 out of 10 on the CVE scale.
WhatsApp also revealed details of another bug that could cause remote code execution when receiving a crafted video file.
Both these vulnerabilities have been fixed in the latest versions of WhatsApp.
WhatsApp announced on Monday that it is rolling out call links to make it easier to start and join a call with a single tap.
The company has also started testing secure and encrypted group video calls for up to 32 people on WhatsApp.