Two "remote code execution" vulnerabilities affecting WhatsApp could allow attackers to gain complete control of a targeted user's mobile application.
The first vulnerability affects the Video Call Handler component where an attacker can exploit the app during a video call with a targeted user to take complete control of their WhatsApp app.
Versions which are affected by this vulnerability are:
- WhatsApp for iOS and Android before version 126.96.36.199
- WhatsApp Business for iOS and Android before version 188.8.131.52
The second vulnerability affects the Video File Handler component by sending a specially crafted video file to targeted users and convincing them to play it.
Versions affected by the second vulnerability are:
- WhatsApp for Android before version 184.108.40.206
- WhatsApp for iOS before version 220.127.116.11
WhatsApp users are strongly advised to update their application to the latest version immediately.