29 SEP 2022
Two "remote code execution" vulnerabilities affecting WhatsApp could allow attackers to gain complete control of a targeted user's mobile application.
The first vulnerability affects the Video Call Handler component where an attacker can exploit the app during a video call with a targeted user to take complete control of their WhatsApp app.
Versions which are affected by this vulnerability are:
- WhatsApp for iOS and Android before version 220.127.116.11
- WhatsApp Business for iOS and Android before version 18.104.22.168
The second vulnerability affects the Video File Handler component by sending a specially crafted video file to targeted users and convincing them to play it.
Versions affected by the second vulnerability are:
- WhatsApp for Android before version 22.214.171.124
- WhatsApp for iOS before version 126.96.36.199
WhatsApp users are strongly advised to update their application to the latest version immediately.
For more information