Integer Overflow in established WhatsApp video call can cause remote code execution

Alert Severity: Critical
Issue Date: 2022-09-22
CVE(s): CVE-2022-36934
CVSS Score: 9.8
Impacted Products and Versions: WhatsApp running on Android prior to v2.22.16.12, Business for Android prior to v2.22.16.12, iOS prior to v2.22.16.12, Business for iOS prior to v2.22.16.12
Description:
WhatsApp has released an advisory stating that an integer overflow on older Android and iOS versions could result in remote code execution in an established video call.
Any user running WhatsApp on an older device is exposed to remote code execution attacks. An attacker can install software on the phone without the user's knowledge and gain access to the user's confidential data.
Mitigation:
There is no mitigation available for this vulnerability. Users are advised not to use WhatsApp on older devices. Android devices before 2.0 Froyo OS (before 2010) and iPhone OS 2 (before 2008/2009, iPhone 3G) are susceptible to this vulnerability.
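
Added example, not part of the WhatsApp advisory: a Python check that sorts an app inventory against the fixed release 2.22.16.12 listed under Impacted Products and Versions, comparing version components numerically so that 2.22.9.x is not mistaken for a newer build than 2.22.16.x. The CSV column names, status labels and sample rows are constructed assumptions.

```python
import csv
import io

# Fixed release from the advisory; the same number applies to all four products.
FIXED = (2, 22, 16, 12)
# Product/platform pairs listed under "Impacted Products and Versions".
IN_SCOPE = {("whatsapp", "android"), ("business", "android"),
            ("whatsapp", "ios"), ("business", "ios")}

def parse_version(text):
    """Return a tuple of ints, or None if text is not a dotted numeric version."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(product, platform, version):
    """Return 'out-of-scope', 'unknown', 'vulnerable' or 'patched' for one install."""
    if (product.strip().lower(), platform.strip().lower()) not in IN_SCOPE:
        return "out-of-scope"
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"  # review by hand rather than assume patched
    # Pad with zeros so a short string such as 2.22.16 compares as 2.22.16.0.
    width = max(len(parsed), len(FIXED))
    installed = parsed + (0,) * (width - len(parsed))
    fixed = FIXED + (0,) * (width - len(FIXED))
    return "vulnerable" if installed < fixed else "patched"

def triage(inventory_csv):
    """Map device id -> status for a CSV with device,product,platform,version columns."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["device"]: classify(r["product"], r["platform"], r["version"]) for r in rows}

# Constructed sample inventory (not real devices).
SAMPLE = """device,product,platform,version
dev-01,WhatsApp,Android,2.22.9.78
dev-02,WhatsApp,iOS,2.22.16.12
dev-03,Business,Android,v2.22.16.11
dev-04,Business,iOS,2.22.16
dev-05,WhatsApp,Android,beta-build
dev-06,WhatsApp,Desktop,2.2.0
"""

if __name__ == "__main__":
    for device, status in triage(SAMPLE).items():
        print(device, status)
```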