WhatsApp, Meta’s instant messaging and calling service, has published details of a ‘critical’ vulnerability that has been patched in a new version of the app but may still affect older installed versions that haven’t been updated.
There were details regarding the vulnerability revealed A September update to WhatsApp’s page on security advisories affecting the app came to light on September 23.
In the update, WhatsApp shared the detailed issue related to the vulnerability CVE-2022-36934, according to “WhatsApp for Android had integer overflow before v2.22.16.12, Business for Android v2.22.16.12, and iOS before v2.22.16.12. Prior to 12, business prior to v2.22.16.12 for iOS may allow remote code execution in established video calls.”
According to the details, the bug would allow an attacker to overflow an integer, after which they could gain access to execute their own code on the victim’s smartphone via a specially crafted video call.
This vulnerability has been given a severity score of 9.8 out of 10 on the CVE scale.
In the same security advisory update, WhatsApp also disclosed another vulnerability, CVE-2022-27492. According to the social media company, “An integer underflow in WhatsApp for Android prior to v2.22.16.2, WhatsApp for iOS v2.22.15.9 could allow remote code execution when receiving a video file created.”
That said, the bug would allow attackers to execute code on a victim’s smartphone using a malicious video file. Vulnerability gets a score of 7.8 out of 10.
In an India-related development for the social media platform, the head of WhatsApp’s India payments business, Manesh Mahatme, has left more than a year with the Meta platform-owned company to join Amazon India, a source told Reuters on Thursday.
Mahatme’s exit comes at a critical time for WhatsApp, which is trying to expand its payments services in a highly competitive market and lock horns with more established players such as Alphabet’s Google Pay, Ant Group-backed Paytm and Walmart’s PhonePe.
During his tenure at WhatsApp Pay, the company secured regulatory approval to double its payments to 100 million users in India, its largest market with over half a billion total users.
