In 2022, WhatsApp faced several notable security issues, primarily involving vulnerabilities that could allow remote code execution and data exposure:
- Two critical vulnerabilities were disclosed in WhatsApp versions before v2.22.16.12 for Android and iOS. These included an integer overflow (CVE-2022-36934) that could enable remote code execution during an established video call, and an integer underflow (CVE-2022-27492) that could cause remote code execution when receiving a crafted video file. Both vulnerabilities required users to update their apps promptly to mitigate risk
- In November 2022, a major data breach exposed the phone numbers of nearly 500 million WhatsApp users across 84 countries. Although WhatsApp denied a direct breach of its systems, the leaked data was sold on hacking forums, increasing risks of phishing, spam, and social engineering attacks targeting users
- WhatsApp also faced malware exploits where attackers could infect devices through vulnerabilities in video call features, highlighting the importance of cautious behavior with links and calls on the platform
- Common attack methods included social engineering scams such as impersonation and verification code theft, call forwarding exploits, and infiltration by spyware or malware disguised as legitimate apps or updates
WhatsApp responded by issuing security advisories and patches in 2022 to address these vulnerabilities and continued to enhance security features like two-step verification, device verification, and account protection mechanisms to prevent unauthorized access and fraud
. Users were strongly advised to keep their WhatsApp applications updated to the latest versions and follow best security practices to reduce exposure to these threats
