WhatsApp Vulnerability “Zero-Day Exploit” News Scare – What You Need to Know

  author
Written By Chirag Arora  
Anuraag Singh
Approved By Anuraag Singh 
Published On November 15th, 2022
Reading Time 5 Minutes Reading

Facebook-owned WhatsApp recently fixed two whatsapp zero day vulnerability in its Android messaging app that could be exploited to remotely run malicious code on the device and even filter out sensitive information. WhatsApp for Android prior to v2.22.16.2 and WhatsApp for iOS v2.22.15.9 are affected by both.

WhatsApp has quietly fixed two critical zero-day vulnerabilities affecting both Android and iOS versions by allowing attackers to remotely execute arbitrary code.
whatsapp-zero-day-vulnerability

Both vulnerabilities are flagged as Critical with a CVE score of 10/10 and detected by WhatsApp’s internal security team.

By facilitating these following vulnerabilities, WhatsApp can cause your device to be hacked when receiving a video file or during a video call.

Whatsapp Zero Day Vulnerability 1 – CVE-2022-27492 – Integer Underflow Bug

Attackers can remotely execute arbitrary code due to an integer underflow vulnerability (CVE-2022-27492), although user involvement is necessary to take advantage of this weakness.

“Integer underflow” is sometimes used to identify signedness errors where an originally positive number becomes negative as a result of subtraction.

This issue is related to an unknown code block of the Video File Manager component. Manipulation with unknown inputs leads to a memory corruption vulnerability. However, there are cases of incorrect subtraction involving unsigned integers, so it’s not always a sign problem.

According to the WhatsApp Advisory “An integer underflow in WhatsApp for Android prior to v2.22.16.2, WhatsApp for iOS v2.22.15.9 could have caused remote code execution when receiving a crafted video file.”

Attackers send a modified video file to the user’s WhatsApp message to take advantage of this weakness.

Hackers can take full control of the messenger and steal sensitive data from your mobile device with a successful execution that uses human involvement. WhatsApp Business App are affected by both vulnerabilities.

WhatsApp has fixed the bugs and issued a security advisory for 2 vulnerabilities affecting both Android and iOS versions of the following:

WhatsApp Zero Day Vulnerability 2 – CVE-2022-36934 –  Integer Overflow Bug

When an integer value is increased to a value that is too large to be stored in the associated representation, an integer overflow, commonly referred to as a “wraparound,” takes place.

A WhatsApp flaw that causes integer overflows enables attackers to run specially crafted arbitrary code during active video calls without any user input.

An attacker can use this RCE flaw, which affects the undocumented code of WhatsApp’s Video Call Handler component, to cause a heap-based buffer overflow and seize total control of WhatsApp Messenger.

A heap overflow condition is a buffer overflow in which the overwriteable buffer is allocated in the heap area of memory, typically indicating that the buffer was allocated using a procedure like malloc().

Hackers can exploit this remote code execution vulnerability to distribute malware on user’s device to steal sensitive files and also used for surveillance purposes.

According to WhatsApp’s Advisory “An integer overflow in WhatsApp for Android prior to v2.22.16.12, Business for Android prior to v2.22.16.12, iOS prior to v2.22.16.12, Business for iOS prior to v2.22.16.12 could result in remote code execution in an established video call.”

CVE-2022-27492

  • Android prior to v2.22.16.2
  •  iOS v2.22.15.9

CVE-2022-36934

  • Android prior to v2.22.16.12
  • Business for Android prior to v2.22.16.12
  • iOS prior to v2.22.16.12
  • Business for iOS prior to v2.22.16.12

No technical details are available on these critical WhatsApp vulnerabilities so far, and an exploit is not currently available. As day 0, the estimated underground price was between $ 5,000 and $ 25,000 per vulnerability.

According to a WhatsApp spokeswoman, there is no proof that these vulnerabilities have been exploited.

WhatsApp Says – “WhatsApp is always looking for ways to make our service’s security better. We report on potential problems that we have fixed in accordance with accepted industry standards. There is no reason to think that the users were impacted in this circumstance.”

Users are advised to update the latest version of WhatsApp Messenger to protect their devices from these critical RCE bugs.

How Dangerous is This?

When you receive a video file or make a video call, WhatsApp can lead your device to be compromised by supporting these serious vulnerabilities.

By exploiting these vulnerabilities, a threat actor could perform several illicit activities:-

  • Launch malware
  • Steal sensitive data
  • Watch over the user’s activities
  • Hack the entire device

Regarding the integer underflow bug in CVE-2022-27492 Attackers put a specially created video file on the user’s WhatsApp messenger to take advantage of this vulnerability. An unidentified code block of the component Video File Handler is affected by this problem.

Hackers can utilise the remote code execution vulnerability in CVE-2022-36934 – Integer Overflow Bug to install malware on the user’s device to steal sensitive files and be used for surveillance. An unidentified code of the Video Call Handler component of WhatsApp is impacted by this RCE bug.

How Can I Avoid the WhatsApp Hack?

Update to the latest version and Enable two-factor authentication (2FA) in WhatsApp and you can easily prevent this from happening by updating to the most recent version.

The existing method of hacking would be useless in this situation since the hacker would also require your security PIN in addition to your phone number.

It’s crucial to employ tools like VPNs and password managers that can significantly lower the likelihood of a hack. But education is as significant. Many people have accounts with services that support 2FA but don’t enable it, numbering in the thousands or perhaps millions.

WhatsApp quietly fixed two serious zero-day flaws that allowed attackers to remotely execute arbitrary code and affected both iOS and Android versions.

One of the most widely used messaging apps is WhatsApp, Facebook’s exclusive messaging service.

WhatsApp silently resolved two critical zero-day vulnerabilities affecting both Android and iOS versions, allowing attackers to remotely execute arbitrary code. WhatsApp, Facebook’s proprietary messenger, is one of the most popular messaging apps with over billions of users around the world on both Android and iPhone.