
Target Industry

Indiscriminate, opportunistic targeting.

Overview

Severity level: Critical – base score 9.8 out of 10; exploitation will likely result in root-level compromise.

An integer overflow vulnerability within WhatsApp could result in remote code execution (RCE) in an established video call. This vulnerability is being tracked as CVE-2022-36934.

Impact

The compromise of the WhatsApp app can result in the complete loss of stored private messages, digital media and contact information stored on the affected device. This includes both personal media and business-related media, should any be held on the device.

Vulnerability Detection

Since its discovery, this vulnerability has been patched, so detection depends on the patching status of your device. The affected versions of WhatsApp are listed below. To check your device’s WhatsApp version within the app, go to Settings and select Help; the version is displayed at the top of the screen.

Affected Products

This vulnerability affects the following WhatsApp versions:

  • Android prior to v2.22.16.12
  • Business for Android prior to v2.22.16.12
  • iOS prior to v2.22.16.12
  • Business for iOS prior to v2.22.16.12
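One way to turn the affected-version list into an inventory check, as an added example that is not part of this bulletin or WhatsApp's own code; the fixed version 2.22.16.12 comes from the list above, while the platform labels and the sample inventory are constructed:

```python
import re

# Added example for this bulletin, not WhatsApp's or the author's code.
# First fixed build per affected product, as listed in the bulletin; the
# platform labels are constructed for this example.
FIXED_VERSION = {
    "android": (2, 22, 16, 12),
    "android-business": (2, 22, 16, 12),
    "ios": (2, 22, 16, 12),
    "ios-business": (2, 22, 16, 12),
}

def parse_version(text):
    """Turn '2.22.16.12' or 'v2.22.16.12' into a tuple of ints.

    A trailing non-numeric suffix ('2.22.16.12-beta') is dropped; a string
    with no leading dotted number raises ValueError.
    """
    m = re.match(r"^v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def is_affected(platform, version):
    """True if this build is prior to the fixed version for its platform.

    Tuple comparison copes with differing segment counts: (2, 22) < (2, 22, 16, 12),
    so an inventory that truncates the build number is treated as affected
    rather than silently passing.
    """
    return parse_version(version) < FIXED_VERSION[platform.lower()]

def triage(inventory):
    """Return the device ids still running an affected WhatsApp build."""
    return sorted(dev for dev, (plat, ver) in inventory.items()
                  if plat.lower() in FIXED_VERSION and is_affected(plat, ver))

# Constructed sample MDM export: device id -> (platform, reported version).
SAMPLE_INVENTORY = {
    "phone-01": ("android", "2.22.15.74"),
    "phone-02": ("android", "v2.22.16.12"),
    "phone-03": ("ios", "2.22.9.0"),
    "phone-04": ("ios-business", "2.22.17.1"),
    "phone-05": ("android-business", "2.22.16.12-beta"),
    "phone-06": ("ios", "2.22"),
}

if __name__ == "__main__":
    print("Affected devices:", triage(SAMPLE_INVENTORY))
```

Devices whose inventory only reports a truncated version (such as "2.22") are deliberately flagged, since the exact build cannot be confirmed as patched.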

Containment, Mitigations & Remediations

Customers are strongly advised to patch to the latest security update as soon as possible to remove a malicious actor’s ability to exploit this vulnerability. Updates can be found within the device’s app store.

It is strongly advised that customers maintain regular patching cycles to safeguard against future vulnerabilities and exposures.

Additionally, customers are advised to enable multi-factor authentication (MFA) with the app as an additional layer of protection. This can be done within the app’s settings tab.

Indicators of Compromise

No IOCs.

Threat Landscape

Opportunistic threats such as these will almost certainly continue to be exploited by malicious threat actors as the vulnerabilities are discovered and shared across online forums.

Threat Group

Initial reports suggest APT33 have been exploiting this threat; however, due to the threat’s opportunistic nature, additional groups are likely to adopt the technique.

Mitre Methodologies

T1190 – Exploit Public-Facing Application
T1133 – External Remote Services

Further Information

WhatsApp Advisory

Intelligence Terminology Yardstick