WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices.
One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call.
The issue impacts the WhatsApp and WhatsApp Business for Android and iOS prior to versions 2.22.16.12.
The high-severity issue, given the CVE identifier CVE-2022-27492 (CVSS score: 7.8), affects WhatsApp for Android prior to versions 2.22.16.2 and WhatsApp for iOS version 2.22.15.9, and could be triggered upon receiving a specially crafted video file.
Exploiting integer overflows and underflows are a stepping stone towards inducing undesirable behavior, causing unexpected crashes, memory corruption, and code execution.
Mitigation: Keep your WhatsApp installation updated.