14 March 2024

Security I Trust

Helping you build Security and Trust

CVE-2022-36934 Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely

1 min read

CVE-2022-36934 Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely

Risk: Critical
CVE ID: CVE-2022-36934
CVSS Score: 9.8
Impacted Product: WhatsApp and WhatsApp Business for Android and iOS Up to 2.22.16.12
CVE-ID: CWE-190 & CWE-122
Published Date: 03 Oct 2022
Updated:

Vulnerability Threat & Description:
An integer overflow vulnerability in WhatsApp leading to remote code execution in an established video call. An attacker can exploit this vulnerability by manipulating the WhatsApp component Video Call Handler so that a heap-based buffer overflow can be triggered and WhatsApp Messenger can be taken over.

Remediation Level: Install Vender Security Update
Attack Vector: Network
Authentication requested: None
Privileges Required: None
Patch Available: Yes
Public Exploit available:
Attack Complexity: Low
User Interaction: None
Impact on:
• Confidentiality: High
• Integrity: None
• Availability: None

More Info: