With the WhatsApp versions called “September Update”, the developers have closed two security gaps that attackers could have used to foist malicious code on unsuspecting victims. One of the gaps is so serious that it has been classified as a critical security risk.
Detailed information not available
Neither WhatsApp nor the entries in the NIST Common Vulnerabilities and Exposures database provide any more detailed information. However, they indicate that an integer overflow during ongoing video calls could lead to the execution of injected code (CVE-2022-36934, CVSS 9.8, risk “critical”).
The second vulnerability is based on a possible integer underflow that can occur when receiving carefully prepared video files. As a result, attackers could also inject malicious code, explains the note in the WhatsApp security advisory (CVE-2022-27492, CVSS 7.8, risk “high”).
The latter gap concerns WhatsApp for Android before version 22.214.171.124 and for iOS before version 126.96.36.199. The critical vulnerability was present in WhatsApp versions 188.8.131.52 for Android as well as before 184.108.40.206 for iOS, and also affects their business versions.
Corrected versions are now available in the respective app stores. WhatsApp 220.127.116.11 is currently up to date on Android. WhatsApp users should check which version is being used on their smartphone and, if necessary, migrate to a current version by uninstalling and reinstalling from the official app store of their own platform.
About six months ago, vulnerabilities were found in the third-party library PJSIP, which is used in WhatsApp Messenger. At the time, however, it was unclear whether the messenger itself was vulnerable as a result.