WhatsApp wants you to update the app urgently, here’s why – Times of India

WhatsApp has revealed two critical zero-day vulnerabilities that have been fixed in the latest version of the app but could still pose a threat to users’ having the older version of the app installed on their phones.
These two critical vulnerabilities have been detailed on WhatsApp’s Security Advisories page. These bugs came to light on September 23, and have been fixed now with the latest update.
The two critical vulnerabilities with identification numbers — CVE-2022-36934 and CVE-2022-27492 — affected WhatsApp for Android, iOS, and Business for Android, iOS apps.
The CVE-2022-3934 has been given a severity score of 9.8 out of 10, making it a ‘critical’ threat. Meanwhile, the CVE-2022-27492 has been marked as a ‘high’ risk threat with a score of 7.8 out of 10 on the CVE scale.
The critical bugs would allow a bad actor to exploit a code error known as an integer overflow, allowing remote code execution on one’s smartphone during an “established video call” or through a “specially crafted video file.”
Both of these zero-day vulnerabilities have been patched in recent releases of WhatsApp. So, it is highly advised to update WhatsApp to the latest version on your phone.
Although, these bugs could still be a threat to users’ of previous versions of WhatsApp. As per the security advisory, the bug could affect: WhatsApp for Android prior to v2.22.16.12, WhatsApp for iOS prior to v2.22.16.12 WhatsApp Business for Android prior to v2.22.16.12 and WhatsApp Business for iOS prior to v2.22.16.12.

!(function(f, b, e, v, n, t, s) {
window.TimesApps = window.TimesApps || {};
const { TimesApps } = window;
TimesApps.loadFBEvents = function() {
(function(f, b, e, v, n, t, s) {
if (f.fbq) return;
n = f.fbq = function() {
n.callMethod ? n.callMethod(…arguments) : n.queue.push(arguments);
};
if (!f._fbq) f._fbq = n;
n.push = n;
n.loaded = !0;
n.version = ‘2.0’;
n.queue = [];
t = b.createElement(e);
t.async = !0;
t.src = v;
s = b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t, s);
})(f, b, e, v, n, t, s);
fbq(‘init’, ‘593671331875494’);
fbq(‘track’, ‘PageView’);
};
})(
window,
document,
‘script’,
‘https://connect.facebook.net/en_US/fbevents.js’,
);if(typeof window !== ‘undefined’) {
window.TimesApps = window.TimesApps || {};
const { TimesApps } = window;
TimesApps.loadScriptsOnceAdsReady = () => {
var scripts = [
‘https://static.clmbtech.com/ad/commons/js/2658/toi/colombia_v2.js’ ,
‘https://www.googletagmanager.com/gtag/js?id=AW-877820074’,
‘https://imasdk.googleapis.com/js/sdkloader/ima3.js’,
‘https://tvid.in/sdk/loader.js’,
‘https://timesofindia.indiatimes.com/video_comscore_api/version-3.cms’,
‘https://timesofindia.indiatimes.com/grxpushnotification_js/minify-1,version-1.cms’,
‘https://connect.facebook.net/en_US/sdk.js#version=v10.0&xfbml=true’,
‘https://timesofindia.indiatimes.com/locateservice_js/minify-1,version-14.cms’
];
scripts.forEach(function(url) {
let script = document.createElement(‘script’);
script.type=”text/javascript”;
if(!false && !false && !false && url.indexOf(‘colombia_v2’)!== -1){
script.src = url;
} else if (!false && !false && !false && url.indexOf(‘sdkloader’)!== -1) {
script.src = url;
} else if (!false && !false && (url.indexOf(‘tvid.in/sdk’) !== -1 || url.indexOf(‘connect.facebook.net’) !== -1 || url.indexOf(‘locateservice_js’) !== -1 )) {
script.src = url;
} else if (url.indexOf(‘colombia_v2’)== -1 && url.indexOf(‘sdkloader’)== -1 && url.indexOf(‘tvid.in/sdk’)== -1 && url.indexOf(‘connect.facebook.net’) == -1){
script.src = url;
}
script.async = true;
document.body.appendChild(script);
});
}
}

Source link