According to a recent report shared by WhatsApp, there is a bug in the app. The severity rating of this bug is very high: 9.8 out of 10. This rating is enough to tell that this is not something to be taken lightly.
According to WhatsApp, bug CVE-2022-36934 is an integer overflow bug. The bug is in a component known as the “Video call Handler” and could result in remote code execution in an established video call.
So, an attacker can exploit this bug in an ongoing video call and take control of the app. Another bug discovered by the app makers, CVE-2022-27492, can be used for remote code execution with the help of a video file.
WhatsApp bugs CVE-2022-36934 and CVE-2022-27492: What to do?
According to WhatsApp, these bugs were found by its in-house research team, and there have been no incidents that point toward their exploitation. This ultimately means that WhatsApp proactively found these bugs, which could enable attackers to take complete control of the app. The details shared by WhatsApp in its report are as follows:
Bug 1: CVE-2022-36934 An integer overflow in WhatsApp for Android prior to v126.96.36.199, Business for Android prior to v188.8.131.52, iOS prior to v184.108.40.206, Business for iOS prior to v220.127.116.11 could result in remote code execution in an established video call.
Bug 2: CVE-2022-27492 An integer underflow in WhatsApp for Android prior to v18.104.22.168, and WhatsApp for iOS v22.214.171.124 could have caused remote code execution when receiving a crafted video file.
The report states that app versions earlier than v126.96.36.199 can enable attackers to achieve remote code execution by exploiting these vulnerabilities. WhatsApp has released an update to eliminate these vulnerabilities in the app.
The best thing you can do is launch the Google Play Store app and check whether an update for WhatsApp is available. If there is an update available, I strongly recommend that you download and install it.