Two "remote code execution" vulnerabilities affecting WhatsApp could allow attackers to gain complete control of a targeted user's mobile application.
The first vulnerability affects the Video Call Handler component where an attacker can exploit the app during a video call with a targeted user to take complete control of their WhatsApp app.
Versions which are affected by this vulnerability are:
- WhatsApp for iOS and Android before version 2.22.16.12
- WhatsApp Business for iOS and Android before version 2.22.16.12
The second vulnerability affects the Video File Handler component by sending a specially crafted video file to targeted users and convincing them to play it.
Versions affected by the second vulnerability are:
- WhatsApp for Android before version 2.22.16.2
- WhatsApp for iOS before version 2.22.15.9
WhatsApp users are strongly advised to update their application to the latest version immediately.