1.0 Introduction
WhatsApp recently released a security advisory to address two vulnerabilities in the WhatsApp Messenger application. The vulnerabilities are an integer overflow in unpatched WhatsApp for Android and iOS that could result in remote code execution in an established video call, and an integer underflow in unpatched WhatsApp for Android and iOS that could cause remote code execution when receiving a crafted video file.
2.0 Impact
The vulnerabilities could cause remote code execution in an established video call or when receiving a crafted video file.
3.0 Affected Product
CVE-2022-36934 affects:
- WhatsApp for Android prior to v2.22.16.12
- WhatsApp Business for Android prior to v2.22.16.12
- WhatsApp for iOS prior to v2.22.16.12
- WhatsApp Business for iOS prior to v2.22.16.12
CVE-2022-27492 affects:
- WhatsApp for Android prior to v2.22.16.2
- WhatsApp for iOS v2.22.15.9iOS prior to v2.22.16.12
4.0 Recommendations
Users are advised to update their WhatsApp Messenger application to the latest version immediately.
For iPhone users, the link below redirects to the WhatsApp page on the App Store, where users can check for and quickly update to the latest version available. Users can also search for the app using the search bar in the App Store to navigate to the WhatsApp page.
App Store: https://itunes.apple.com/my/app/whatsapp-messenger/id310633997?mt=8
For Android users, the link below redirects to the WhatsApp page on Google Play, where users can quickly update to the latest version, which is available across all supported Android devices.
Android phone users are advised to update their devices to the latest version whenever it is available.
Google Play Store: https://play.google.com/store/apps/details?id=com.whatsapp
Generally, MyCERT advises users of these devices to stay up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 - 18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References