Login
Get a Demo
Become a Partner
SOCRadar® Cyber Intelligence Inc. | Critical WhatsApp Vulnerabilities Allow Attackers Remote Device Hacking
Table Of Content
Home

Resources

Blog
Sep 28, 2022
3 Mins Read

Critical WhatsApp Vulnerabilities Allow Attackers Remote Device Hacking

WhatsApp’s September security update fixes two high-severity flaws that could result in remote code execution. The flaws affect WhatsApp and WhatsApp Business versions before 2.22.16.12 in iOS and Android operating systems. 

To see which version is currently used: 

  1. Open WhatsApp 
  2. Go to Options –> Settings –> Help 
  3. From there, click App Info and see the version. 

Details of the Vulnerabilities

The critical integer overflow vulnerability, tracked as CVE-2022-36934, has a CVSS score of 9.8 and is exploited by simply participating in video calls.

When an integer is given a value too large to store in allocated memory space, this results in an integer overflow.

MalwareBytes explains, “By writing a larger value into the memory, an attacker could overwrite other parts of the system memory and abuse that ability to remotely execute code.” 

The second mentioned flaw in an update, CVE-2022-27492 (CVSS score: 7.8), is an integer underflow vulnerability that occurs because the value is too small, contrary to an overflow. This could also make way for remote code execution when the user receives a specially crafted video file.

Integer overflow and underflow exploits can be used to produce unwanted behavior, such as unexpected crashes, memory corruption, and code execution. 

WhatsApp did not provide more details on the flaws. However, cybersecurity company Malwarebytes reported that CVE-2022-36934 impacts the Video Call Handler component, while CVE-2022-27492 affects the Video File Handler component. 

There is no proof that the flaws have been used in the wild. 

Versions 2.22.16.2 and 2.22.15.9, respectively, for iOS and Android, have been released to fix the issue in Whatsapp. 

Valuable Attack Vector for Threat Actors

Threat actors may find WhatsApp vulnerabilities a valuable attack vector when installing malicious software on infected devices. 

Recent years have seen instances of WhatsApp zero-days infecting smartphones with malware. WhatsApp has even sued Israeli spyware company NSO Group because of infecting users’ phones. 

The business that buys vulnerabilities, Zerodium, is now offering up to $1 million for WhatsApp exploits that lead to remote code execution and local privilege escalation and up to $1.5 million if the attack doesn’t involve user interaction. 

Related Articles
SOCRadar® Cyber Intelligence Inc. | CVE-2024-21006 in Oracle WebLogic Server – Oracle’s April 2024 Update Brings 441 New Security Patches
CVE-2024-21006 in Oracle WebLogic Server – Oracle’s April 2024 Update Brings 441 New Security Patches
Apr 17, 2024
SOCRadar® Cyber Intelligence Inc. | Committing a Sin, OpenJS Foundation and XZ Utils Incidents: Lessons in Open Source Security
Committing a Sin, OpenJS Foundation and XZ Utils Incidents: Lessons in Open Source Security
Apr 17, 2024
SOCRadar® Cyber Intelligence Inc. | Ivanti Avalanche Received an Update for Over Two Dozen Vulnerabilities (CVE-2024-24996, CVE-2024-29204…)
Ivanti Avalanche Received an Update for Over Two Dozen Vulnerabilities (CVE-2024-24996, CVE-2024-29204…)
Apr 17, 2024
SOCRadar® Cyber Intelligence Inc. | Major Cyber Attacks in Review: March 2024
Major Cyber Attacks in Review: March 2024
Apr 16, 2024
SOCRadar® Cyber Intelligence Inc. | Cyber Reflections of Iran's Attack on Israel
Cyber Reflections of Iran's Attack on Israel
Apr 15, 2024