WhatsApp is the world’s most popular chat app, making it the perfect playground for spreading misinformation and lies. You might spend your time begging your relatives not to believe everything they read in WhatsApp threads, often to no avail. However, there’s finally some WhatsApp news that is worth spreading as far and wide as possible: You need to update WhatsApp now. Tell your parents.
What issues did WhatsApp fix?
Unlike my usual security update posts, there isn’t a new WhatsApp version out today. Instead, WhatsApp revealed two critical security vulnerabilities affecting older versions of its apps on both iOS and Android. If you haven’t updated your WhatsApp app lately, your security is at risk.
Both issues WhatsApp highlighted are “integer overflow” vulnerabilities, which occur when a program attempts to move a value into a space that isn’t large enough to store it. Bad actors can exploit this flaw by bypassing security checks to make sure a particular value meets a certain threshold. Once those security walls are down, these bad actors can then install and run their own code onto your smartphone in what’s known as “remote code execution.”
The first flaw, identified as CVE-2022-36934, allows bad actors to run remote code execution through a simple video call. All you would have to do is answer the call, and your phone could be infected. The second flaw, CVE-2022-27492, allows for remote code execution via a malicious video file.
The ease with which hackers can exploit these security vulnerabilities make them particularly seriously. There’s very little users need to do in order to put themselves in danger, so patching your app as soon as possible is a high priority.
Which versions of WhatsApp are safe?
WhatsApp says the more serious CVE-2022-36934 flaw affects WhatsApp for iOS, WhatsApp for Android, WhatsApp Business for iOS, and WhatsApp Business for Android prior to version 126.96.36.199. CVE-2022-27492 doesn’t actually threaten WhatsApp Business, instead affecting only WhatsApp for iOS prior to version 188.8.131.52, and WhatsApp for Android prior to version 184.108.40.206.
WhatsApp for Android and WhatsApp Business for Android are currently on version 220.127.116.11, and WhatsApp for iOS and WhatsApp Business for iOS are on version 18.104.22.168, so if you’ve updated your app in the past month or so, you should be safe. However, you should check for an update now just in case.
These vulnerabilities are particularly pressing for those who do not update their WhatsApp apps frequently (or ever). We all know people who slack on the updates (perhaps you’re one of them). Missing out on the latest features is fine: Leaving yourself open to security vulnerabilities isn’t.
Before anyone pooh-poohs this news as another WhatsApp rumor or misinformation stunt, go ahead and reiterate it isn’t. We’re covering it, The Verge is covering it, and WhatsApp themselves announced the security updates. While you’re at it, remind your parents not to answer strange video calls or open unknown files (videos or otherwise).
How to update WhatsApp on iPhone and Android
Luckily, updating your WhatsApp or WhatsApp Business app is a breeze on any smartphone.
On Android, go to the Play Store, tap your profile icon, then tap Manage apps & device. Look for WhatsApp or WhatsApp Business, then tap “Update” if available. If you have “Enable auto update” turned on, Android might have already updated WhatsApp for you.
On iPhone, open the App Store, then tap your profile icon. Pull down on the page to refresh, then check the list of app updates to see if WhatsApp is available. If so, tap “Update.” Again, if “App Updates” is turned on under “Automatic Downloads” in Settings > App Store, your iPhone may have updated WhatsApp on its own.