WhatsApp discloses critical bug in older versions, now patched

New Delhi: Meta-owned WhatsApp has revealed a critical bug that could affect older installations on various devices that haven’t been updated to the latest software version.

The vulnerability could allow an attacker to exploit a code bug known as an integer overflow.

“Integer overflow in WhatsApp for Android prior to v2.22.16.12, Business for Android prior to v2.22.16.12, iOS prior to v2.22.16.12, Business for iOS prior to v2.22.16.12 may result in remote control from remote code execution in an established video call,” WhatsApp said in an update.

During remote code execution, a hacker can execute commands remotely on someone else’s computer device.

Remote Code Execution (RCE) typically occurs as a result of malicious malware downloaded by a server and can occur regardless of the device’s geographic location.

The recently disclosed vulnerability is known as CVE-2022-36934, with a severity score of 9.8 out of 10 on the CVE scale.

WhatsApp also revealed details of another bug that can cause remote code execution when receiving a manually created video file.

Both of these vulnerabilities have been patched in the latest versions of WhatsApp.

WhatsApp on Monday announced it is rolling out Call Links to make it easier to start and join calls with just one tap.

The company also started testing secure and encrypted group video calls for up to 32 people on WhatsApp.