CERT-In Vulnerability Note
Multiple Vulnerabilities in WhatsApp for iOS
Original Issue Date: November 06, 2020
Severity Rating: MEDIUM
- WhatsApp for iOS prior to version 2.20.111
- WhatsApp Business for iOS prior to version 2.20.111
- WhatsApp Business for iOS prior to version 2.20.100
Multiple vulnerabilities have been reported in WhatsApp and WhatsApp Business for iOS which could allow a remote attacker to bypass security restrictions or execute arbitrary code on the target system.
1. Improper Access Control Vulnerability
This vulnerability exists in the Screen Lock feature in WhatsApp and WhatsApp Business due to improper authorization of input. An attacker could exploit this vulnerability by using Siri to communicate even after the phone is locked.
Successful exploitation of this vulnerability could allow the attacker to bypass security restrictions.
2. Use-After-Free Vulnerability
This vulnerability exists in the logging library in WhatsApp and WhatsApp Business for iOS due to a use-after-free error. A remote attacker could exploit this vulnerability by sending a specially crafted animated sticker to the target user while the user is placing a WhatsApp video call on hold, so that several events occur together in sequence.
Successful exploitation of this vulnerability could lead to memory corruption, denial of service conditions or remote code execution.
- Install the latest updated version from the App Store.
The information provided herein is on "as is" basis, without warranty of any kind.
Email: email@example.com Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003