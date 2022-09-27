U.S. markets close in 4 hours 21 minutes

  • S&P 500

    3,671.62
    +16.58 (+0.45%)
     

  • Dow 30

    29,335.55
    +74.74 (+0.26%)
     

  • Nasdaq

    10,895.68
    +92.76 (+0.86%)
     

  • Russell 2000

    1,681.27
    +25.39 (+1.53%)
     

  • Crude Oil

    78.52
    +1.81 (+2.36%)
     

  • Gold

    1,639.30
    +5.90 (+0.36%)
     

  • Silver

    18.55
    +0.07 (+0.38%)
     

  • EUR/USD

    0.9619
    +0.0007 (+0.08%)
     

  • 10-Yr Bond

    3.9700
    +0.0920 (+2.37%)
     

  • GBP/USD

    1.0761
    +0.0078 (+0.73%)
     

  • USD/JPY

    144.6770
    -0.0030 (-0.00%)
     

  • BTC-USD

    20,131.84
    +1,089.04 (+5.72%)
     

  • CMC Crypto 200

    459.93
    +0.79 (+0.17%)
     

  • FTSE 100

    7,013.53
    -7.42 (-0.11%)
     

  • Nikkei 225

    26,571.87
    +140.32 (+0.53%)
     

WhatsApp fixes 'critical' security bug that put Android phone data at risk

Carly Page
·2 min read

WhatsApp has published details of a "critical"-rated security vulnerability affecting its Android app that could allow attackers to remotely plant malware on a victim’s smartphone during a video call.

Details of the flaw, tracked as CVE-2022-36934 with an assigned severity rating of 9.8 out of 10, is described by WhatsApp as an integer overflow bug. This happens when an app tries to perform a computational process but has no space in its allotted memory, causing the data to spill out and overwrite other parts of the system's memory with potentially malicious code.

WhatsApp didn’t share any further details about the bug. But security research firm Malwarebytes said in its own technical analysis that the bug is found in a WhatsApp app component called "Video Call Handler," which if triggered would allow an attacker to take complete control of a victim's app.

When reached for comment, WhatsApp did not immediately say if it has evidence of active exploitation or if the vulnerabilities were discovered in-house.

The critical-rated memory vulnerability is similar to a 2019 bug, which WhatsApp ultimately blamed on Israeli spyware maker NSO Group in 2019 for using to target 1,400 victims' phones, including journalists, human rights defenders, and other civilians. The attack leveraged a bug in WhatsApp's audio calling feature that allowed the caller to plant spyware on a victim's device, regardless of whether the call was answered.

WhatsApp also disclosed this week details of another vulnerability, CVE-2022-27492, rated "high" in severity at 7.8 out of 10, which could allow hackers to run malicious code on a victim's iOS device after sending a malicious video file.

“The manipulation with an unknown input leads to a memory corruption vulnerability,” said Pieter Arntz, an intelligence researcher at Malwarebytes. “To exploit this vulnerability, attackers would have to drop a crafted video file on the user’s WhatsApp messenger and convince the user to play it.”

Both flaws are patched in the latest versions of WhatsApp. Update today.

Facebook users sue Meta, accusing the company of tracking on iOS through a loophole

Recommended Stories

  • Undercover Michigan state trooper shot, stable; suspects in custody

    Michigan State Police said an undercover narcotics officer was conducting surveillance.

  • 3 New Products That Have Me Excited for Nvidia's Future

    Today's video focuses on Nvidia (NASDAQ: NVDA) and recent products announced during its 2022 GTC event. Unfortunately, Nvidia's stock price continues to be highly volatile. So I explain why I still plan on holding all my shares.

  • Apple iPhone 14 demand trending ‘ahead of iPhone 13’: Wedbush’s Dan Ives

    Apple still looks to be winning big with its new iPhones despite yawning fears of a global recession, says Wedbush analyst Dan Ives.

  • Tim Cook and Apple Make a Move That Could Annoy China

    Apple no longer wants to be surprised. Like the rest of the multinationals, the iPhone maker has been impacted by the covid-19 pandemic which has exacerbated the disruptions in supply chains. The restrictive measures and lockdowns imposed in China to limit the spread of the virus have particularly affected the local suppliers of many Western companies.

  • Apple Turns to the Pros

    If Apple proves anything with its latest product cycle, it might be that iPhone buyers actually care about what is inside. The iPhone 14 Pro models in particular seem to be experiencing strong demand, with customers now having to wait a month or longer for their deliveries. UBS analyst David Vogt also estimates that wait time in the U.S. for the large-screen iPhone 14 Pro Max is about 9 days longer than for the comparable model in last year’s iPhone 13 family at the same point in its cycle.

  • 11 Best Cloud Stocks To Buy Now

    In this article, we discuss 11 best cloud stocks to buy now. If you want to see more stocks in this selection, check out 5 Best Cloud Stocks To Buy Now. The global cloud computing market is anticipated to reach $1,554.94 billion by 2030, representing a compound annual growth rate of 15.7%. Cloud computing offers […]

  • Movie Night Must-Have: This Portable Outdoor Projector Is On Sale for Under $68 Online

    If setting up an outdoor projector sounds intimidating (and expensive), we have some good news for you: The best outdoor projectors aren’t just wildly easy to start using in your backyard out of the box, but a lot of them are even more affordable than taking your entire family to the theater. From screening new releases like the upcoming Hocus Pocus 2, to even watching live sports on the weekend, watching it all outdoors just got a lot easier thanks to this discount on a top-rated TMY projector

  • Cybersecurity Stocks To Watch Amid Uber Data Breach

    Cybersecurity stocks have underperformed vs. the S&P 500. But cloud security companies may be better positioned as corporate budgets tighten.

  • Artificial Intelligence Stocks To Watch: Big Tech Expands AI Products, Services

    When looking for the best artificial intelligence stocks to buy, identify companies using AI technology to improve products or gain a strategic edge, such as Google, Microsoft and Nvidia.

  • Growth may not be Enough: How Datadog (DDOG) Is Ahead of Competitors in both Good and Bad Metrics

    Datadog (NASDAQ:DDOG) is captivating investors with its high 79% revenue growth rate, and an estimated total addressable market (TAM) value of $53b by 2025. However, the company has a forward price to sales ratio of 14.3x, which is ahead of the 7.9x industry average ratio. In order for this to work for investors, the company must keep up its high performance for more than 6 quarters to reach the average, when it can afford to have lower growth rates.

  • Is T-Mobile A Buy Or Sell? Long-Range Goal Of $60 Billion Buyback Re-Affirmed

    T-Mobile holds an edge in 5G wireless spectrum but will its market share gains vs. rivals continue? What the analysis says about TMUS stock.

  • Europe Considers Making Big Tech Pay for Building the Internet

    (Bloomberg) -- When binge-watching TV became a universal pastime at the height of the pandemic, one of Europe’s top officials called the Chief Executive Officer and co-founder of Netflix Inc. and told him to make his product worse. Most Read from BloombergGermany Suspects Sabotage Hit Russia’s Nord Stream PipelinesEverything-Selloff on Wall Street Deepens on 98% Recession OddsStocks, Commodities Drop; US Treasury Yields Surge: Markets WrapJohn Paulson on Frothy US Housing Market: This Time Is Di

  • 2 Software Stocks I'm Buying on Repeat During This Bear Market

    These two companies have durable earnings streams that should hold up even if the economy takes a tumble.

  • Google says shared network costs is 10-year-old idea, bad for consumers

    Alphabet unit Google on Monday rebuffed a push by European telecoms operators to get Big Tech to help fund network costs, saying it was a 10-year-old idea that was bad for consumers and that the company was already investing millions in internet infrastructure. The comments by Matt Brittin, president of EMEA business & operations at Google, come as the European Commission said it would seek feedback from the telecoms and tech industries on the issue in the coming months before making any legislative proposal. Deutsche Telekom, Orange, Telefonica and other big operators have long complained about tech rivals freeriding on their networks, saying that they use a huge part of internet traffic and should contribute financially.

  • The Morning After: Netflix is building its own game studio

    NASA successfully hurled its DART spacecraft into an asteroid, Netflix is building its own game studio, Apple Watch Ultra teardown confirms it's rugged, but not easily repaired.

  • Microsoft leads $20M funding round for Web3 data warehouse

    The startup is working to make large data sets held by businesses on and off blockchain protocols more accessible.

  • Alphabet (GOOGL) Boosts Google Photos With Recent Upgrades

    Alphabet's (GOOGL) Google is gearing up to roll out new features in Google Photos to provide an enhanced experience to users.

  • Fujifilm X-H2S review: The most powerful APS-C camera yet

    With the X-H2S, Fujifilm has a new flagship camera.

  • Apple iPhone 14 Pro Models Could Give Company A Profit Boost

    Two weeks after the launch of Apple's iPhone 14, demand remains hot for the Pro models but is cool for the regular models, analysts say.

  • Is Cisco Stock A Buy Or Is Rival Arista Networks The Better Option?

    The outlook for CSCO stock depends on trends for cloud computing, plus corporate and telecom networks amid the shift to remote work.