27 Sep. (Portaltic/EP) –
WhatsApp With the latest updates to its service, it has corrected two vulnerabilities classified with a critical and high severity, respectively, that would allow remote code execution.
The technology company has updated its website security warnings with two vulnerabilities that have already been corrected in the latest versions of the app, but that can put users of less recent versions at risk.
A vulnerability, identified as CVE-2022-36934, would allow remote code execution for a manipulated video call. It affects versions prior to 2.22.16.12, both WhatsApp for Android and iOS, and Business for Android and iOS.
The second, CVE-2022-27492, would also allow remote execution of malicious code, only this time through a malicious video file. It affects versions prior to WhatsApp for Android v2.22.16.2 and for iOS v2.22.15.9.
CVE-2022-36934 is classified as a critical severity vulnerability, on a scale of 9.8 out of 10, while CVE-2022-27492 it has been determined as high severity, with a 7.8 out of 10.
