WhatsApp users should update to the newest version of the popular messaging service after two “remote code execution” vulnerabilities were detected, according to an alert issued by the Singapore Computer Emergency Response Team (SingCERT) on Wednesday (Sep 28).
The organization reported that there have been no known instances of these vulnerabilities being exploited in the wild.
The first vulnerability affects the WhatsApp Video Call Handler component, allowing an attacker to exploit the vulnerability during a video call to a targeted user, and take complete control of their WhatsApp application, SingCERT said.
WhatsApp and WhatsApp Business for iOS and Android prior to version 2.22.16.12 are vulnerable to this issue.
The second vulnerability affects the WhatsApp Video File Handler component, allowing an attacker to exploit the vulnerability by sending a specially crafted video file to a targeted user, convincing the user to play it, SingCERT said.
WhatsApp for Android versions prior to 2.22.16.2 and WhatsApp for iOS versions prior to 2.22.15.9 are susceptible to this flaw.
“Users of affected WhatsApp versions are advised to update to the latest versions immediately,” SingCERT said.
To make sure their apps are always up-to-date, users are urged to enable automatic updates (where available) in the iOS App Store and Android Play Store.
After hackers actively exploited a vulnerability in Safari, iOS, and macOS on September 13, SingCERT advised users to update to the most recent versions of these operating systems in order to prevent malicious software from executing arbitrary code.