JAKARTA - WhatsApp has just discovered a security vulnerability that could pose a danger to its users. Without waiting long, the application immediately fixes the bug.
The vulnerability, WhatsApp said had a critical rating that could affect the Android application, so that attackers could exploit a code error known as integer overflow, they would execute their own code on the victim's phone after sending a specially made video call.
The bug is flagged as CVE-2022-36934 with a severity rating assigned to 9.8 out of 10. This occurs when an application tries to perform a computation but has no space in the allocated memory, causing data to spill and overwrite another part of the system memory with code that potentially dangerous.
These remote code execution vulnerabilities are key in installing malware, spyware, or other malicious applications on the target system, as they provide an opportunity for attackers that can be used to further harm machines using techniques such as privilege escalation attacks.
WhatsApp spokesman Joshua Breckman revealed that a bug was discovered and the company has seen no evidence of an exploit.
VOIR éGALEMENT:
Unfortunately, WhatsApp did not explain further about the bug. However, security research firm Malwarebytes stated in its own technical analysis that the bug was found in a component of the WhatsApp application called "Video Call Handler".
Launching TechCrunch, Wednesday, September 28, the bug if triggered would allow attackers to take complete control over the victim's WhatsApp application.
Both new vulnerabilities have been patched in the latest version of WhatsApp but can still affect older versions that have not been updated. Immediately update your application today.
Previously, this critical memory vulnerability was similar to a bug discovered in 2019, in which WhatsApp blamed Israeli spyware maker NSO Group for targeting 1,400 victims' mobile phones, including journalists, human rights defenders and civilians.
The attack took advantage of a bug in WhatsApp's video calling feature that allowed callers to plant spyware on victims' devices, regardless of whether the call was answered or not.
For your information, the bug affects WhatsApp Android versions prior to v2.22.16.12, WhatsApp Business for Android prior to v2.22.16.12, WhatsApp for iOS prior to v2.22.16.12, WhatsApp Business for iOS prior to v2.22.16.12.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)