Meta subsidiary WhatsApp is warning of two vulnerabilities in its apps for Android and iOS that put users' security at risk. Both vulnerabilities allow remote code execution, so the apps should be updated promptly.
WhatsApp has published a corresponding security advisory for September 2022, which discloses the details of the two vulnerabilities.
- CVE-2022-36934: An integer overflow in WhatsApp for Android before v2.22.16.12, Business for Android before v2.22.16.12, iOS before v2.22.16.12, Business for iOS before v2.22.16.12 can lead to remote code execution in an established video call.
- CVE-2022-27492: An integer underflow in WhatsApp for Android before v2.22.16.2 and WhatsApp for iOS v2.22.15.9 could allow remote code execution when receiving a tampered video file.
Updating the apps closes both vulnerabilities, one of which is considered critical.
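For anyone checking a device inventory against the version thresholds listed above, here is an added example (not part of WhatsApp's advisory or the original post). It compares versions field by field as integers, because a plain string comparison would rank 2.22.16.2 above 2.22.16.12 and miss an affected build. The inventory layout, device names and function names are assumptions made for illustration.

```python
# Added example: thresholds are copied from the two CVE entries above.
# The inventory rows are constructed sample data, not real devices.

def parse_version(text):
    """Turn 'v2.22.16.12' into (2, 22, 16, 12) so fields compare numerically."""
    return tuple(int(part) for part in text.lstrip("vV").split("."))

# (platform, app) -> list of (CVE, kind, version); "before" means strictly older.
RULES = {
    ("android", "whatsapp"): [("CVE-2022-36934", "before", "2.22.16.12"),
                              ("CVE-2022-27492", "before", "2.22.16.2")],
    ("android", "business"): [("CVE-2022-36934", "before", "2.22.16.12")],
    ("ios", "whatsapp"):     [("CVE-2022-36934", "before", "2.22.16.12"),
                              # The text above names this iOS version without
                              # "before", so only an exact match is reported.
                              ("CVE-2022-27492", "exact", "2.22.15.9")],
    ("ios", "business"):     [("CVE-2022-36934", "before", "2.22.16.12")],
}

def affected_cves(platform, app, installed):
    """Return the CVE ids listed above that apply to one installed build."""
    have = parse_version(installed)
    hits = []
    for cve, kind, ver in RULES.get((platform.lower(), app.lower()), []):
        ref = parse_version(ver)
        if (kind == "before" and have < ref) or (kind == "exact" and have == ref):
            hits.append(cve)
    return hits

def audit(inventory):
    """Map device name -> CVE ids, listing only devices that need an update."""
    report = {}
    for device, platform, app, version in inventory:
        cves = affected_cves(platform, app, version)
        if cves:
            report[device] = cves
    return report

# Constructed inventory rows: (device, platform, app, installed version).
SAMPLE_INVENTORY = [
    ("phone-a", "android", "whatsapp", "2.22.16.2"),
    ("phone-b", "android", "whatsapp", "2.22.15.74"),
    ("phone-c", "ios", "whatsapp", "2.22.15.9"),
    ("phone-d", "ios", "business", "2.22.16.12"),
]

if __name__ == "__main__":
    for device, cves in audit(SAMPLE_INVENTORY).items():
        print(device, ", ".join(cves))
```
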