The flaw was rated critical in terms of security and seriously affected the app, allowing tasks to be carried out remotely on victims’ smart devices.
The company published new details on the matter, with an emphasis on the flaw, which was first tracked and then given a security rating of 9.8 out of 10. It is now being described as a major integer bug. This kind of bug usually occurs when the app tries to perform a computation but lacks the space in memory to hold the result, so data spills over and overwrites other parts of memory with dangerous code.
As of now, that is all the information the company has provided. However, the security firm Malwarebytes says its own technical analysis found the bug in an app component dubbed ‘video call handler’. When triggered, it gives attackers full control of the victim’s application.
A spokesperson for the firm told TechCrunch that the bugs had been found in-house. He added that, as of now, there is no public evidence of exploitation.
This critical-rated vulnerability closely resembles a bug from 2019 that was automatically blamed on a spyware maker called NSO. The aim then was to attack around 1400 target devices belonging to users such as journalists, civilians, and human rights defenders. That attack did not depend on whether a call was answered.
The company also disclosed details of another vulnerability, which had a security rating of nearly 7.8. It allowed attackers to run dangerous code on iOS devices and to send malicious video files.
Manipulation of this kind with unknown inputs can cause memory corruption, one tech analyst explained. To exploit such vulnerabilities, attackers drop customized video files on users’ devices through WhatsApp messenger and then convince users to play them.
Both of these major flaws were confirmed as fixed in the company’s latest update today.