Monday, November 4, 2024
HomeAndroidNew WhatsApp 0-Day Bug Let Hackers Execute a Code & Take Full...

New WhatsApp 0-Day Bug Let Hackers Execute a Code & Take Full App Control Remotely

Published on

Malware protection

WhatsApp Bug. WhatsApp silently fixed two critical zero-day vulnerabilities that affect both Android & iOS versions allowing attackers to execute an arbitrary code remotely.

Facebook-owned messenger WhatsApp is one of the Top-ranked Messenger apps with more than a Billion users around the world on both Android and iPhone.

Both vulnerabilities are marked under “critical” severity with a CVE Score of 10/10 and found by the WhatsApp internal security Team.

- Advertisement - SIEM as a Service

Simplifying these following vulnerabilities, Whatsapp could cause your device to be hacked by receiving a Video File or When on a Video call.

CVE-2022-36934 –  Integer Overflow Bug

An Integer overflow bug that affects WhatsApp allows attackers to execute the specially crafted arbitrary code during an established Video call without any sort of user interaction.

An integer overflow also known as “wraparound” occurs when an integer value is incremented to a value that is too large to store in the associated representation. 

This RCE bug affects an unknown code of the WhatsApp component Video Call Handler, which allows an attacker to manipulate the bug to trigger a heap-based buffer overflow and take complete control of WhatsApp Messenger.

“A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().”

Hackers can take advantage of this remote code execution vulnerability to deploy the malware on the user’s device to steal sensitive files and also use it for surveillance purposes.

According to WhatsApp Advisory “An integer overflow in WhatsApp for Android prior to v2.22.16.12, Business for Android prior to v2.22.16.12, iOS prior to v2.22.16.12, Business for iOS prior to v2.22.16.12 could result in remote code execution in an established video call.”

CVE-2022-27492 – Integer Underflow Bug

An Integer Underflow vulnerability (CVE-2022-27492) allows attackers to execute the arbitrary code remotely, and user interaction is required to exploit this bug successfully.

“Integer underflow” is sometimes used to identify signedness errors in which an originally positive number becomes negative as a result of subtraction. However, there are cases of bad subtraction in which unsigned integers are involved, so it’s not always a signedness issue.

This issue affects an unknown code block of the component Video File Handler. The manipulation with an unknown input leads to a memory corruption vulnerability. 

According to the WhatsApp advisory “An integer underflow in WhatsApp for Android prior to v2.22.16.2, WhatsApp for iOS v2.22.15.9 could have caused remote code execution when receiving a crafted video file.”

To exploit this vulnerability, attackers drop a crafted video file on the user’s WhatsApp messenger. The successful execution with the help of user interaction let hackers gain complete access to the messenger and steal sensitive data from your mobile device.

Whatsapp fixed the bugs and released a security advisory for 2 vulnerabilities that affect both the Android & iOS versions of the Following:

CVE-2022-36934

  • Android prior to v2.22.16.12
  • Business for Android prior to v2.22.16.12
  • iOS prior to v2.22.16.12
  • Business for iOS prior to v2.22.16.12

CVE-2022-27492

  • Android prior to v2.22.16.2
  •  iOS v2.22.15.9

So far, no technical details are available for these critical WhatsApp Vulnerabilities, and an exploit is not available at this moment. As 0-day the estimated underground price was around $5k-$25k per vulnerability.

A spokesperson from WhatsApp told GBHackers that there is no evidence found for these vulnerabilities that have been exploited.

“WhatsApp is constantly working to improve the security of our service. We make public, reports on potential issues we have fixed consistently with industry best practices. In this instance, there is no reason to believe users were impacted.”

Users are advised to update the latest version of WhatsApp Messenger to prevent their devices from these critical RCE bugs.

You can follow us on LinkedinTwitter, and Facebook for daily Cybersecurity updates 

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a...

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals...

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215...

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a...

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals...

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215...