WhatsApp Discloses 6 Bugs That Allows Attackers to Execute Code Remotely

https://gbhackers.com/whatsapp-vulnerability-2/

WhatsApp is a messaging app used by more than 2 billion users worldwide. All the vulnerabilities are revealed in dedicated security advisory website aimed to provide more transparent details about vulnerabilities for users and security specialists.

” We take the security of our users extremely seriously and we provide industry-leading defense for our users all over the world. Our security group at WhatsApp deals with specialists around the globe to remain ahead of possible hazards,” reads the post.

WhatsApp disclosed 6 security bugs through their dedicated security advisory site that allows enemies to execute remote code.

6 Security Bugs

CVE-2020-1894

It affects WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone before v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30.

When playing a specially crafted push to talk message, a stack compose overflow which enables assaulters to perform approximate code.

CVE-2020-1891

The bug impacts WhatsApp for Android before v2.20.17, WhatsApp Business for Android before v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20.

A user-controlled criterion utilized in a video employ WhatsApp allowed an out-of-bounds compose on 32-bit gadgets.

CVE-2020-1890

A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android before v2.20.2 would enable the execution of malformed information in a sticker message that loads images from URL controlled by the sender.

CVE-2020-1889

A security function bypass problem in WhatsApp Desktop variations before v0.3.4932 might have enabled sandbox escape in Electron and escalation of benefit if integrated with a remote code execution vulnerability inside the sandboxed renderer procedure.

CVE-2020-1886

A buffer overflow in WhatsApp for Android before v2.20.11 and WhatsApp Business for Android before v2.20.2 might have allowed an out-of-bounds write by means of a specifically crafted video stream after getting and responding to a harmful video call.

CVE-2019-11928

An input recognition issue in WhatsApp Desktop variations before v0.3.4932 could have permitted cross-site scripting upon clicking a link from a specifically crafted live location message.

You can follow us on Linkedin, Twitter, Facebook for day-to-day Cybersecurity updates

Check out:

WhatsApp Bug Leaked Personal Phone Numbers in Google Search Results

Vital WhatsApp Vulnerability Let Hackers to Access the Local System Files on Mac & & Windows