CVE-2022-36934 | WhatsApp RCE Vulnerability

OVERVIEW

A security flaw in a WhatsApp application could result in remote code execution in an established video call.

A recently discovered RCE vulnerability has been reported under CVE-2022-36934 targeting multiple Android and IOS users. This vulnerability has been published: 2022-09-22 and patched & updated: 2022-09-24

Vulnerability : Integer overflow vulnerability

Note: An integer overflow occurs when you attempt to store inside an integer variable a value that is larger than the maximum value the variable can hold. The C standard defines this situation as undefined behavior (meaning that anything might happen).

Vulnerable versions

1. Android prior to v2.22.16.12,

2. Business for Android prior to v2.22.16.12,

3. iOS prior to v2.22.16.12,

4. Business for iOS prior to v2.22.16.12

Remediations & Solution

Update the most recent version of WhatsApp which has been released on 12 Sep 2022