{"id":386626,"date":"2022-09-28T04:44:29","date_gmt":"2022-09-28T06:44:29","guid":{"rendered":"https:\/\/teknomers.com\/fr\/des-bogues-critiques-de-whatsapp-auraient-pu-permettre-aux-attaquants-de-pirater-des-appareils-a-distance\/"},"modified":"2022-09-28T04:44:30","modified_gmt":"2022-09-28T06:44:30","slug":"des-bogues-critiques-de-whatsapp-auraient-pu-permettre-aux-attaquants-de-pirater-des-appareils-a-distance","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/des-bogues-critiques-de-whatsapp-auraient-pu-permettre-aux-attaquants-de-pirater-des-appareils-a-distance\/","title":{"rendered":"Des bogues critiques de WhatsApp auraient pu permettre aux attaquants de pirater des appareils \u00e0 distance"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>WhatsApp a publi\u00e9 <a rel=\"nofollow noopener\" href=\"https:\/\/www.whatsapp.com\/security\/advisories\/2022\/?lang=en\" target=\"_blank\">mises \u00e0 jour de s\u00e9curit\u00e9<\/a> pour corriger deux failles dans son application de messagerie pour Android et iOS qui pourraient conduire \u00e0 l&#8217;ex\u00e9cution de code \u00e0 distance sur des appareils vuln\u00e9rables.<\/p>\n<p>L&#8217;un d&#8217;eux concerne <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-36934\" target=\"_blank\">CVE-2022-36934<\/a> (score CVSS\u00a0: 9,8), une vuln\u00e9rabilit\u00e9 critique de d\u00e9bordement d&#8217;entier dans WhatsApp qui entra\u00eene l&#8217;ex\u00e9cution de code arbitraire simplement en \u00e9tablissant un appel vid\u00e9o.<\/p>\n<p>Le probl\u00e8me affecte WhatsApp et WhatsApp Business pour Android et iOS avant les versions 2.22.16.12.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/strike-d\" target=\"_blank\" title=\"DevOps backupy\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/09\/Des-chercheurs-identifient-3-groupes-hacktivistes-soutenant-les-interets-russes.png\" width=\"300\" height=\"250\" \/><\/a><\/div>\n<p>La plate-forme de messagerie appartenant \u00e0 Meta a \u00e9galement corrig\u00e9 un bogue de sous-d\u00e9passement d&#8217;entier, qui fait r\u00e9f\u00e9rence \u00e0 une cat\u00e9gorie oppos\u00e9e d&#8217;erreurs qui se produisent lorsque le r\u00e9sultat d&#8217;une op\u00e9ration est trop petit pour stocker la valeur dans l&#8217;espace m\u00e9moire allou\u00e9.<\/p>\n<p>Le probl\u00e8me de haute gravit\u00e9, compte tenu de l&#8217;identifiant CVE <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-27492\" target=\"_blank\">CVE-2022-27492<\/a> (score CVSS\u00a0: 7,8), affecte WhatsApp pour Android avant les versions 2.22.16.2 et WhatsApp pour iOS version 2.22.15.9, et peut \u00eatre d\u00e9clench\u00e9 lors de la r\u00e9ception d&#8217;un fichier vid\u00e9o sp\u00e9cialement con\u00e7u.<\/p>\n<p>Exploitant <a rel=\"nofollow noopener\" href=\"https:\/\/cwe.mitre.org\/data\/definitions\/190.html\" target=\"_blank\">d\u00e9bordements d&#8217;entiers<\/a> et <a rel=\"nofollow noopener\" href=\"https:\/\/cwe.mitre.org\/data\/definitions\/191.html\" target=\"_blank\">d\u00e9bordements<\/a> sont un tremplin pour induire un comportement ind\u00e9sirable, provoquant des plantages inattendus, une corruption de la m\u00e9moire et l&#8217;ex\u00e9cution de code.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/crowd-mid-d\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/Google-Cloud-bloque-une-attaque-DDoS-record-de-46-millions.png\" width=\"728\" height=\"90\" \/><\/a><\/div>\n<p>WhatsApp n&#8217;a pas partag\u00e9 plus de d\u00e9tails sur les vuln\u00e9rabilit\u00e9s, mais la soci\u00e9t\u00e9 de cybers\u00e9curit\u00e9 Malwarebytes <a rel=\"nofollow noopener\" href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/09\/critical-whatsapp-vulnerabilities-patched-check-youve-updated\" target=\"_blank\">a dit<\/a> qu&#8217;ils r\u00e9sident dans deux composants appel\u00e9s gestionnaire d&#8217;appels vid\u00e9o et gestionnaire de fichiers vid\u00e9o, ce qui pourrait permettre \u00e0 un attaquant de prendre le contr\u00f4le de l&#8217;application.<\/p>\n<p>Les vuln\u00e9rabilit\u00e9s sur WhatsApp peuvent \u00eatre un vecteur d&#8217;attaque lucratif pour les acteurs de la menace qui cherchent \u00e0 implanter des logiciels malveillants sur des appareils compromis.  En 2019, un <a rel=\"nofollow noopener\" href=\"https:\/\/thenextweb.com\/news\/psa-update-whatsapp-now-to-prevent-spyware-from-being-installed-on-your-phone\" target=\"_blank\">d\u00e9faut d&#8217;appel audio<\/a> a \u00e9t\u00e9 exploit\u00e9 par le fabricant isra\u00e9lien de logiciels espions NSO Group pour injecter le logiciel espion Pegasus.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/09\/critical-whatsapp-bugs-could-have-let.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>WhatsApp a publi\u00e9 mises \u00e0 jour de s\u00e9curit\u00e9 pour corriger deux failles dans son application de messagerie pour Android et iOS qui pourraient conduire \u00e0 l&#8217;ex\u00e9cution de code \u00e0 distance sur des appareils vuln\u00e9rables. L&#8217;un d&#8217;eux concerne CVE-2022-36934 (score CVSS\u00a0: 9,8), une vuln\u00e9rabilit\u00e9 critique de d\u00e9bordement d&#8217;entier dans WhatsApp qui entra\u00eene l&#8217;ex\u00e9cution de code arbitraire [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":386627,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[8737,11865,2971,507,14862,4168,5729,4158,4165,4161,133,2526,4157,4159,4171,4170,4167,4160,4163,4162,5848,22524,4172,4169,4166,4164,13553],"class_list":["post-386626","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-appareils","tag-attaquants","tag-auraient","tag-aux","tag-bogues","tag-comment-pirater","tag-critiques","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-des","tag-distance","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-permettre","tag-pirater","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite-logicielle","tag-whatsapp"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/386626","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=386626"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/386626\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/386627"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=386626"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=386626"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=386626"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}