WhatsApp has discovered two very dangerous vulnerabilities within it, here’s how to fix it and how not to risk them stealing our data
WhatsApp has released an announcement on its own page dedicated to the security of the app. According to the technology magazine The Verge, the note was issued on 23 September, which states that it is necessary to update the application, in the face of two vulnerabilities considered very dangerous. The bugs, already fixed in the new available version, could still affect users who have not proceeded with the update.
The first bug would allow an attacker hacker to exploit a code error known as "integer overflow", allowing him to execute his code on a victim’s smartphone after sending a video call specially prepared.
This vulnerability, which has been assigned the identification code CVE-2022-36934 in the national vulnerability database and with a severity score of 9,8 on 10 on the scale CVE, which equates to a level of severity "critical".
In the same security update, WhatsApp also shared details of a second vulnerability - namely the one from code CVE-2022-27492 - which would allow attackers to execute such code after sending a malicious video file. This vulnerability was scored 7.8 at 10, a severity rating of "high".
It is essential not to underestimate either of these bugs, as if hackers were able to put their strategy into practice, they could steal our data and our private information.
Which versions are affected
Both of these vulnerabilities have been fixed in updated versions recently and should already have been fixed by a large number of users, since the app is set to automatically update itself in most of smartphone. According to the security advisory, the vulnerabilities concern:
- WhatsApp for Android - versions older than v2.22.16.12
- WhatsApp Business for Android - versions older than v2.22.16.12
- WhatsApp for iOS - versions earlier than v2.22.16.12
- WhatsApp Business for iOS - versions earlier than v2.22.16.12
Regardless of these two possible threats, it is advisable in any case to always keep your applications updated to their latest version, as this makes the user more protected from infiltrations external.
