WhatsApp fixes two zero-day vulnerabilities that could have led hackers to take complete control of the app on a user’s device. The common vulnerability and exposure (CVE) were assigned a score of 10/10 and were marked as critical in the severity group. Due to the vulnerabilities, a threat actor could launch malware, steal sensitive data, watch over the user’s activities, and hack the entire device, among other threats.
Using the vulnerabilities, a hacker could remotely execute an arbitrary code by sending a video file or a video call that would initiate the attack. The code would automatically run when a user attends the call.
Although the two critical vulnerabilities have been fixed, a report by news platform GBHackers suggests that the severity of its impact could have been high. The vulnerabilities were detected by WhatsApp’s internal team and impacted Android and IOS devices. However, no user has been affected so far. “We make public reports on potential issues we have fixed consistently with industry best practices. In this instance, there is no reason to believe users were impacted,” a WhatsApp spokesperson told the news website.
While the CVE-2022-27492 and CVE-2022-36934 were fixed, no further information has been available. Moreover, exploits based on these vulnerabilities are yet to be detected. Vulnerabilities as severe as these can put billions of WhatsApp users at risk. Hence, users need to keep the app updated to avoid being victims of such exploits and bugs.
CVE-2022-36934, the integer overflow bug, can allow the attacker to run an arbitrary code during a video call. It gives the hacker complete access to the WhatsApp messenger app and does not require any action from the user’s side.
CVE-2022-27492, the Integer underflow bug, requires user interaction to run the planned exploit. The underflow bug can cause memory damage when the user accesses a corrupted video file sent by the attacker. Following this, the hacker could exploit any information from the device.
These cases reinforce that ATM jackpotting is no longer a niche cybercrime tactic but part of organized financial crime networks.
This signals that DSA enforcement is moving beyond content moderation into deeper operational transparency.
Campaign involving network infiltration, ransomware deployment and phishing operations designed to destabilize essential services in UAE, blocked.
AI fraud, deepfake probes, SME cyber warnings, and ransomware cases highlight rising global risks in this week’s Cyber Express roundup.
French national bank authority confirmed a major data breach affecting 1.2 million bank accounts after a malicious actor stole credentials…
The real success of AI will not only depend on how powerful the technology becomes, but on how safely, fairly,…
This website uses cookies. By continuing to use this website you are giving consent to cookies being used.
Read More