SINGAPORE: WhatsApp users should update to the latest version of the popular messaging app after two “remote code execution” vulnerabilities were reported, the Singapore Computer Emergency Response Team (SingCERT) said in a notice on Wednesday (Sep 28).
There are currently no reports of active exploitation of these vulnerabilities, the agency said.
The first vulnerability affects the WhatsApp Video Call Handler component, allowing an attacker to exploit the vulnerability during a video call to a targeted user, and take complete control of their WhatsApp application, SingCERT said.
This vulnerability affects WhatsApp and WhatsApp Business for iOS and Android prior to version 2.22.16.12.
The second vulnerability affects the WhatsApp Video File Handler component, allowing an attacker to exploit the vulnerability by sending a specially crafted video file to a targeted user, convincing the user to play it, SingCERT said.
This vulnerability affects WhatsApp for Android prior to version 2.22.16.2, and WhatsApp for iOS version 2.22.15.9.
“Users of affected WhatsApp versions are advised to update to the latest versions immediately,” SingCERT said.
“Users are also encouraged to enable automatic updates (if available) in iOS App Store and Android Play Store to ensure their applications are updated promptly.”
On Sep 13, SingCERT urged Apple users to patch products like Safari, iOS and macOS to the latest version after hackers actively exploited a bug that could allow maliciously written programs to execute arbitrary code.