Recently Whatsapp released a security advisory to address two vulnerabilities in the WhatsApp Messenger application. The vulnerabilities are an integer overflow in unpatched WhatsApp for Android and iOS that could result in remote code execution in an established video call and an integer underflow in WhatsApp for unpatched Android and iOS that could cause remote code execution when receiving a crafted video file.
The vulnerability could cause remote code execution in an established video call and receiving a crafted video file.
3.0 Affected Product
- WhatsApp for Android prior to v22.214.171.124
- Business for Android prior to v126.96.36.199
- iOS prior to v188.8.131.52
- Business for iOS prior to v184.108.40.206
- WhatsApp for Android prior to v220.127.116.11
- WhatsApp for iOS v18.104.22.168iOS prior to v22.214.171.124
Users are advised to update their WhatsApp Messenger application to the latest version immediately.
For iPhone users, this link will be redirected to WhatsApp at App Store for users to check and quickly update to the latest version available. Users can search the app using the search bar in the App Store to navigate to the WhatsApp page.
For Android users, this link will be redirected to WhatsApp at Google Play for users to quickly update to the latest version which is available across all supported Android devices.
Android phone users are advised to update their devices to the latest version whenever it is available.
Google play store: https://play.google.com/store/apps/details?id=com.whatsapp
Generally, MyCERT advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 -18:00 MYT