WhatsApp, Meta’s instant messaging and calling service, has published details of a ‘critical’ vulnerability that has been patched in a newer version of the app but might still affect older installed versions that have not been updated.
WhatsApp, in the update, shared a detailed issue related to vulnerability CVE-2022-36934, according to which “an integer overflow in WhatsApp for Android prior to v188.8.131.52, Business for Android prior to v184.108.40.206, iOS prior to v220.127.116.11, Business for iOS prior to v18.104.22.168 could result in remote code execution in an established video call.”
According to the details, the bug would let an attacker exploit integer overflow, after which they can get access to execute their own code on a victim’s smartphone through a specially crafted video call.
This vulnerability has been given a severity score of 9.8 out of 10 on the CVE scale.
In the same security advisory update, WhatsApp also explained another vulnerability, CVE-2022-27492. According to the social media company, “an integer underflow in WhatsApp for Android prior to v22.214.171.124, WhatsApp for iOS v126.96.36.199 could have caused remote code execution when receiving a crafted video file.”
This said, the bug would let attackers execute the code on the victim’s smartphone using a malicious video file. The vulnerability was scored 7.8 out of 10.
In an India-related development for the social media platform, the head of WhatsApp’s India payment business, Manesh Mahatme, has quit after more than a year with the Meta Platforms-owned company to join Amazon India, a source told Reuters on Thursday.
Mahatme’s exit comes at a critical time for WhatsApp, which is seeking to ramp up its payments service in a highly competitive market and lock horns with more established players such as Alphabet’s Google Pay, Ant Group-backed Paytm and Walmart’s PhonePe.
During his stint at WhatsApp Pay, the company won regulatory approval to more than double its payments offering to 100 million users in India, its biggest market with more than half a billion users overall.