Companies all over the world take the best security measures to ensure that no outside parties infiltrate their systems. However, there’s always room for mistakes, which can cost a lot. We’re referring to system vulnerabilities, to which even the biggest companies such as WhatsApp are susceptible.
Apparently, these bugs are happening on a regular basis. A couple of days ago, Sophos disclosed a bug that allows attackers to take full control of their system.
Now, WhatsApp joins the mix as it found a critical vulnerability that allows the execution of arbitrary code simply by establishing a video call. How big is this bug and what can attackers do? Here’s what we know.
WhatsApp Vulnerability – A Lucrative Attack Vector
No matter how secure the service is or how big the company has become, the chance of having a vulnerability in their systems is pretty high – it’s just inevitable.
That’s why we keep receiving update notices as they tend to fix what was previously bugged or exposed. Not long ago, iOS also had a vulnerability, but the company released an update patch immediately.
This time around, both operating systems (Android and iOS) are concerned. There are two flaws in the WhatsApp messaging app for Android and iOS that could lead to remote code execution on vulnerable devices.
The first, tracked as CVE-2022-36934, is a critical flaw that can be triggered by initiating a video call. It affects Meta’s WhatsApp and WhatsApp Business for Android and iOS prior to versions 184.108.40.206.
Another bug, tracked as CVE-2022-27492, affects WhatsApp for Android prior to versions 220.127.116.11 and WhatsApp for iOS version 18.104.22.168. This one is similar to the one above in terms of triggers, but instead of a video call, it relies on receiving a specially crafted video file.
Bugs like these are everything a threat actor looks for to take over your device. They can control it and cause all kinds of disruption, such as unexpected crashes, memory corruption, and arbitrary code execution.
WhatsApp Bug – Impact a Lot, Share So Little
WhatsApp did disclose the bugs, but shared very little about them. However, thanks to security firms like Malwarebytes, we know that the vulnerabilities reside in two components called Video Call Handler and Video File Handler.
If exploited, the attacker can take control of the entire application. And we all know how dangerous this is. With control over WhatsApp, the attackers can plant malicious software on compromised devices.
Aside from that, they can spy on everything you do, everyone you talk to, and even harvest sensitive information that might lead to blackmail. Users are advised to update their applications immediately.