WhatsApp remote code execution vulnerability
Target Industry
Indiscriminate, opportunistic targeting.
Overview
Severity level: Critical – base score 9.8 out of 10; exploitation will likely result in root-level compromise.
An integer overflow vulnerability within WhatsApp could result in remote code execution (RCE) in an established video call. This vulnerability is being tracked as CVE-2022-36934.
Impact
The compromise of the WhatsApp app can result in the complete loss of private messages, digital media and contact information stored on the affected device. This includes both personal and business-related media, should any be held on the device.
Vulnerability Detection
This vulnerability has been patched since its discovery, so detection depends on the patching status of your device. The affected versions of WhatsApp are listed below. To check your device’s WhatsApp version within the app, go to Settings and select Help; the version is displayed at the top of the screen.
Affected Products
This vulnerability affects the following WhatsApp versions:
- Android prior to v2.22.16.12
- Business for Android prior to v2.22.16.12
- iOS prior to v2.22.16.12
- Business for iOS prior to v2.22.16.12
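The version check described above is easy to get wrong at scale: all four affected products share the same patched build (v2.22.16.12), but a naive string comparison of dotted version numbers misorders builds such as 2.22.9.1 and 2.22.16.12. The following script, an added example that is not part of the original advisory, parses version strings into integer tuples and flags inventory rows that are still below the patched release. The inventory rows and device names are constructed sample data, not real device records.

```python
"""Flag WhatsApp installs still below the CVE-2022-36934 patched build.

Added example, not part of the original advisory.  The inventory rows
below are constructed sample data.
"""
from typing import Dict, Iterable, List, Tuple

# Patched release from the advisory; all four affected products share it.
PATCHED_VERSION = "2.22.16.12"

# Product labels are assumed names for the four affected builds.
AFFECTED_PRODUCTS = {
    "WhatsApp for Android",
    "WhatsApp Business for Android",
    "WhatsApp for iOS",
    "WhatsApp Business for iOS",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn 'v2.22.16.12' into (2, 22, 16, 12).

    Comparing tuples of ints avoids the lexicographic trap where the string
    '2.22.9.1' sorts *after* '2.22.16.12' even though it is an older build.
    """
    parts = version.strip().lstrip("vV").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(product: str, version: str) -> bool:
    """True when the product is an affected build and is older than the patch.

    A shorter version such as '2.22.16' compares as older than '2.22.16.12'
    because a missing component is treated as preceding any present one.
    """
    if product not in AFFECTED_PRODUCTS:
        return False
    return parse_version(version) < parse_version(PATCHED_VERSION)


def triage(inventory: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the inventory rows that still need the WhatsApp update."""
    return [
        row for row in inventory
        if is_vulnerable(row["product"], row["version"])
    ]


# Constructed sample inventory (device ids and versions are made up).
SAMPLE_INVENTORY = [
    {"device": "android-001", "product": "WhatsApp for Android",
     "version": "2.22.9.1"},          # older build, string-compares as newer
    {"device": "android-002", "product": "WhatsApp for Android",
     "version": "v2.22.16.12"},       # exactly the patched build
    {"device": "ios-001", "product": "WhatsApp Business for iOS",
     "version": "2.22.16.75"},        # newer than the patch
    {"device": "ios-002", "product": "WhatsApp for iOS",
     "version": "2.22.15.9"},         # older build
    {"device": "desktop-001", "product": "WhatsApp Desktop",
     "version": "2.2232.8"},          # not one of the affected products
]


if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(f"{row['device']}: {row['product']} {row['version']} "
              f"is below {PATCHED_VERSION}; update required")
```

Feeding the script rows exported from an MDM or asset inventory gives a patch-status list that does not depend on users checking the Settings screen by hand; the `parse_version` step is the part worth keeping if you adapt it, since a plain string comparison would report android-001 above as already patched.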
Containment, Mitigations & Remediations
Customers are strongly advised to patch to the latest security update as soon as possible to remove a malicious actor’s ability to exploit this vulnerability. Updates can be found within the device’s app store.
It is strongly advised that customers maintain regular patching cycles to safeguard against future vulnerabilities and exposures.
Additionally, customers are advised to enable multi-factor authentication (MFA) with the app as an additional layer of protection. This can be done within the app’s settings tab.
Indicators of Compromise
No IOCs.
Threat Landscape
Opportunistic threats such as these will almost certainly continue to be exploited by malicious threat actors as the vulnerabilities are discovered and shared across online forums.
Threat Group
Initial reports suggest that APT33 has been exploiting this vulnerability; however, due to its opportunistic nature, additional groups are likely to adopt the technique.
MITRE Methodologies
T1190 – Exploit Public-Facing Application
T1133 – External Remote Services
Further Information