For the last day or two, our news feed has been buzzing with warnings about WhatsApp.
We saw many reports linking to two tweets that claimed the existence of two zero-day security holes in WhatsApp, giving their bug IDs as CVE-2022-36934 and CVE-2022-27492. One article, apparently based on those tweets, breathlessly insisted not only that these were zero-day bugs, but also that they’d been discovered internally and fixed by the WhatsApp team itself.
So, what’s the truth? Is WhatsApp currently under active attack by cybercriminals? Is this a clear and current danger? How worried should WhatsApp users be?
The good news here is that the bugs listed here were apparently patched close to a month ago, even though the latest reports we’ve seen imply that these flaws represent a clear and current danger to WhatsApp users.
As the WhatsApp advisory page points out, these two so-called “zero-day” holes are patched in all flavours of the app, for both Android and iOS, with version numbers 2.22.16.12 or later. According to Apple’s App Store, the current version of WhatsApp for iOS (both Messenger and Business flavours) is already 2.22.19.78, with at least five intervening updates released since the first fix that patched the abovementioned bugs, which already dates back a month. On Google Play, WhatsApp is already up to 2.22.19.76 (versions don’t always align exactly between different operating systems, but are often close). In other words, if you have set your device to autoupdate, then you ought to have been patched against these WhatsApp threats for about a month already.
To check the apps you have installed, when they last updated, and their version details, open the App Store app on iOS, or Play Store on Android. Tap on your account icon to access the list of apps you’ve installed on your device, including details of when they last updated and the current version number you’ve got.
Naked Security – Sophos News
nakedsecurity.sophos.com
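
For anyone checking more than a handful of devices, the 2.22.16.12 threshold quoted above can be applied to an exported app inventory. The following is an added example, not part of the original article: the CSV columns, device names and function names are assumptions and the rows are constructed sample data. It compares versions numerically, because a plain string comparison ranks 2.22.9.78 above 2.22.16.12.

```python
import csv
import io

# Patched version as quoted in the article from the WhatsApp advisory.
PATCHED_FLOOR = "2.22.16.12"

def parse_version(text):
    """Turn '2.22.16.12' into (2, 22, 16, 12); raise ValueError if malformed."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def is_patched(version, floor=PATCHED_FLOOR):
    """True if version >= floor, comparing component by component as integers."""
    v, f = parse_version(version), parse_version(floor)
    width = max(len(v), len(f))
    # Pad the shorter tuple with zeros so '2.22.16' is treated as '2.22.16.0'.
    v += (0,) * (width - len(v))
    f += (0,) * (width - len(f))
    return v >= f

def audit(inventory_csv):
    """Return (device, platform, version, status) for every row needing attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            status = None if is_patched(row["version"]) else "outdated"
        except ValueError:
            # Never count an unreadable version as patched; flag it for review.
            status = "unparseable"
        if status:
            findings.append((row["device"], row["platform"], row["version"], status))
    return findings

# Constructed sample inventory (hypothetical export format).
SAMPLE = """device,platform,version
phone-01,ios,2.22.19.78
phone-02,android,2.22.19.76
phone-03,android,2.22.9.78
phone-04,ios,2.22.16.12
phone-05,android,2.22.16
phone-06,android,unknown
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```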