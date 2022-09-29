Technology

Centre warns WhatsApp users against 2 bugs hackers can exploit

Centre warns WhatsApp users against 2 bugs hackers can exploit

Written by Athik Saleh Sep 29, 2022, 10:41 am 2 min read

CERT-In has reported two vulnerabilities of high severity in WhatsApp (Photo credit: WhatsApp)

Attention WhatsApp users, you are vulnerable to remote attacks, so better be careful. It's none other than India's cyber security watchdog Computer Emergency Response Team (CERT-In) that has issued this advisory. According to the agency, there are multiple bugs on the messaging platform that is capable of being exploited by hackers. WhatsApp has also confirmed the presence of these security issues.

Context Why does this story matter?

Currently, rarely a day passes without seeing WhatsApp in news. Mostly, it is about some updates the company is working on.

WhatsApp is again in the headlines, but for the wrong reasons. There are multiple security issues on the instant messaging platform that makes its users vulnerable to hackers.

Considering the number of people that use WhatsApp, this could affect millions.

Warning The agency and WhatsApp have found two 'high severity' bugs

CERT-In has warned WhatsApp users of two high severity CVEs (Common Vulnerabilities and Exposures) that could allow attackers to execute remote code arbitrarily on the targeted system. CVE-2022-36934 and CVE-2022-27492 have also been detected by WhatsApp's internal security team. The company has marked them 'Critical.' The issue affects both Android and iOS users of the app.

Bugs There are integer overflow and integer underflow bugs

The CVE-2022-36934's presence on WhatsApp is due to integer overflow. Hackers can exploit this bug through a video call and execute remote commands. CVE-2022-27492, on the other hand, exists due to integer underflow. To exploit this bug, all a remote attacker has to do is send a specially-crafted video file. Successful exploitation of both will allow a hacker to execute remote code arbitrarily.

To deal with security issues, WhatsApp users are advised to update the app. The CVE-2022-36394 affects WhatsApp for Android and iOS (both standard and business) versions. The CVE-2022-27492 affects WhatsApp for Android before 2.22.16.2 and WhatsApp for iOS before 2.22.15.9. Users may have already been at the receiving end of remote code execution due to these vulnerabilities.