Centre warns WhatsApp users against 2 bugs hackers can exploit
Attention WhatsApp users: you are vulnerable to remote attacks, so be careful. The advisory comes from none other than India's cyber security watchdog, the Computer Emergency Response Team (CERT-In). According to the agency, there are multiple bugs on the messaging platform that are capable of being exploited by hackers. WhatsApp has also confirmed the presence of these security issues.
Why does this story matter?
Currently, rarely a day passes without WhatsApp being in the news. Mostly, it is about updates the company is working on. WhatsApp is again in the headlines, but for the wrong reasons. There are multiple security issues on the instant messaging platform that make its users vulnerable to hackers. Considering the number of people who use WhatsApp, this could affect millions.
The agency and WhatsApp have found two 'high severity' bugs
CERT-In has warned WhatsApp users of two high severity CVEs (Common Vulnerabilities and Exposures) that could allow attackers to execute arbitrary code remotely on the targeted system. CVE-2022-36934 and CVE-2022-27492 have also been detected by WhatsApp's internal security team. The company has marked them 'Critical.' The issue affects both Android and iOS users of the app.
There are integer overflow and integer underflow bugs
CVE-2022-36934 is present in WhatsApp because of an integer overflow. Hackers can exploit this bug through a video call and execute remote commands. CVE-2022-27492, on the other hand, exists because of an integer underflow. To exploit this bug, all a remote attacker has to do is send a specially crafted video file. Successful exploitation of both will allow a hacker to execute arbitrary code remotely.
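The two bug classes named above, shown as an added illustration; this is not WhatsApp's code and does not reproduce either CVE. The 8-byte chunk header, the function names and the sample values are all constructed assumptions, used to show how unsigned length arithmetic wraps and how a check placed before the arithmetic rejects the bad input.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed format (assumption): each chunk starts with an 8-byte header
 * whose size field counts the header plus the payload. */
#define HEADER_LEN 8u

/* Underflow: a declared size below HEADER_LEN wraps to a value near 4 GiB. */
uint32_t payload_len_unchecked(uint32_t declared_size) {
    return declared_size - HEADER_LEN;
}

/* Hardened: validate the size field before subtracting. */
bool payload_len_checked(uint32_t declared_size, size_t remaining, uint32_t *out) {
    if (declared_size < HEADER_LEN) return false;  /* would underflow */
    if (declared_size > remaining) return false;   /* claims more than is present */
    *out = declared_size - HEADER_LEN;
    return true;
}

/* Overflow: count * elem_size wraps modulo 2^32, so a buffer sized from
 * the result is far smaller than the data it is meant to hold. */
uint32_t alloc_size_unchecked(uint32_t count, uint32_t elem_size) {
    return count * elem_size;
}

/* Hardened: reject the product before it can wrap. */
bool alloc_size_checked(uint32_t count, uint32_t elem_size, uint32_t *out) {
    if (elem_size != 0 && count > UINT32_MAX / elem_size) return false;
    *out = count * elem_size;
    return true;
}

int main(void) {
    uint32_t n = 0;
    printf("unchecked payload length for size 4: %u\n", (unsigned)payload_len_unchecked(4));
    printf("checked accepts size 4: %d\n", payload_len_checked(4, 100, &n));
    printf("unchecked 65536 * 65536: %u\n", (unsigned)alloc_size_unchecked(65536, 65536));
    printf("checked accepts 65536 * 65536: %d\n", alloc_size_checked(65536, 65536, &n));
    return 0;
}
```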
Users must update the app to the latest version
To deal with these security issues, WhatsApp users are advised to update the app. CVE-2022-36934 affects WhatsApp for Android and iOS (both standard and business versions). CVE-2022-27492 affects WhatsApp for Android before 2.22.16.2 and WhatsApp for iOS before 2.22.15.9. Users may have already been at the receiving end of remote code execution due to these vulnerabilities.