WhatsApp users should upgrade to the latest version of the popular messaging service after two “remote code execution” vulnerabilities were discovered, according to a warning issued by Singapore’s Computer Emergency Response Team (SingCERT) on Wednesday (Sept. 28).
The organization said there have been no instances of exploitation of these vulnerabilities in the wild.
The first vulnerability affects the WhatsApp Video Call Handler component, allowing an attacker to exploit the vulnerability during a video call to the target user and take full control of their WhatsApp app, SingCERT said.
WhatsApp and WhatsApp Business for iOS and Android up to version 2.22.16.12 are vulnerable to this issue.
The second vulnerability affects the WhatsApp Video File Handler component, allowing an attacker to exploit the vulnerability by sending a specially crafted video file to the target user, convincing the user to play it, SingCERT says.
WhatsApp for Android versions up to 2.22.16.2 and WhatsApp for iOS versions up to 2.22.15.9 are vulnerable to this flaw.
“Users of affected versions of WhatsApp are advised to upgrade to the latest versions immediately,” SingCERT said.
To make sure their apps are always up to date, users are urged to enable automatic updates (where possible) in the iOS App Store and Android Play Store.
After hackers actively exploited a vulnerability in Safari, iOS and macOS on Sept. 13, SingCERT advised users to update the most recent versions of these operating systems to prevent malicious software from executing arbitrary code.
