WhatsApp “zero-day exploit” message horrors – what you need to know

Written by admin

For the past day or two, our newsfeed has been buzzing with warnings about WhatsApp.

We have seen many reports linking to two tweets that claim the existence of two zero-day vulnerabilities in WhatsApp, giving their bug IDs as CVE-2022-36934 and CVE-2022-27492.

An article apparently based on those tweets breathlessly insisted that not only were these bugs zero-day, but that they were discovered internally and fixed by the WhatsApp team themselves.

However, by definition, a zero-day refers to a bug that attackers discovered and exploited before a patch was available, so that there were zero days on which even the most proactive sysadmin with the most progressive attitude towards patching could have been ahead of the game.

In other words, the whole idea of saying a bug is a zero-day (often written with just one digit, as 0-day) is to convince people that the patch is at least as important as ever, and maybe more important than that, because installing the patch is more about catching up with the crooks than getting ahead of them.

If developers discover a bug themselves and patch it themselves in their next update, that’s not a zero-day, because the good guys were there first.

The same applies when security researchers follow the principle of responsible disclosure, where they provide a vendor with the details of a new bug but commit to not releasing those details for an agreed period of time, to give the vendor time to create a patch: this is not a zero-day either.

Setting a responsible disclosure period for posting a description of the bug serves two purposes, namely that the researcher ultimately gets credit for the work, while the vendor is prevented from sweeping the issue under the rug, knowing it will be outed in the end anyway.

So what is the truth?

Is WhatsApp currently being actively attacked by cybercriminals? Is this a clear and current danger?

How Concerned Should WhatsApp Users Be?