WhatsApp owner Meta has revealed that a critical bug in older installations was fixed now and advised all users to update their devices with latest software version.
It said the vulnerability could allow an attacker to exploit a code error known as an integer overflow. “An integer overflow in WhatsApp for Android prior to v2.22.16.12, Business for Android prior to v2.22.16.12, iOS prior to v2.22.16.12, Business for iOS prior to v2.22.16.12 could result in remote code execution in an established video call,” WhatsApp said in an update.
Remote code executions (RCEs) usually occur due to malicious malware downloaded by the host and can happen regardless of the device’s geographic location and a hacker can remotely execute commands on someone else’s computing device.
The recently disclosed vulnerability called CVE-2022-36934, with a severity score of 9.8 out of 10 on the CVE scale and another bug that could have caused remote code execution when receiving a crafted video file – have been patched in the latest WhatsApp version, said the company.
WhatsApp is also rolling out Call Links to make it easier to start and join a call in just one tap and is testing secured and encrypted group video calls for up to 32 people on WhatsApp.