Instant messaging and calling service WhatsApp has published details of a ‘critical’ vulnerability that has been patched in a newer version of the app but might still affect older installed versions that have not been updated.
According to The Verge, the details regarding the vulnerability were revealed in a September update of WhatsApp’s page on security advisories affecting the app and came to light on September 23.
The critical bug would allow an attacker to exploit a code error known as an integer overflow, letting them execute their own code on a victim’s smartphone after sending a specially crafted video call.
Remote code execution vulnerabilities are a key step in installing malware, spyware, or other malicious applications on a target system, as they give attackers a foot in the door that can be used to further compromise the machine using techniques like privilege escalation attacks, reported The Verge.
The recently disclosed vulnerability has been given a severity score of 9.8 out of 10 on the CVE scale.
In the same security advisory update, WhatsApp also shared details of another vulnerability, CVE-2022-27492, that would let attackers execute code after sending a malicious video file. This vulnerability was scored 7.8 out of 10.
As per The Verge, both of these vulnerabilities are patched in recently updated versions of WhatsApp and should already be fixed in any installation of the app that is set to automatically update.