CVE-2021-24026
Published 2021-04-06
Priority: P3 · 48 · critical · 9.8 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.41% (69.2th percentile)
A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| | whatsapp_business_for_android | >= unspecified < v2.21.3 | v2.21.3 |
| | whatsapp_business_for_ios | >= unspecified < v2.21.32 | v2.21.32 |
| | whatsapp_for_android | >= unspecified < v2.21.3 | v2.21.3 |
| | whatsapp_for_ios | >= unspecified < v2.21.32 | v2.21.32 |
| | | < 2.21.3 | 2.21.3 |
| | whatsapp_business | < 2.21.3 | 2.21.3 |
| | whatsapp_business | < 2.21.32 | 2.21.32 |
CVSS provenance
nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 10.0 · CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
No detection rules found.
No public exploits indexed.
Qualys
WhatsApp Vulnerabilities: Automatically Discover and Remediate Using VMDR for Mobile Devices | Qualys
blogs_qualys·2021-04-22·CVSS 9.8
CVE-2021-24026 [CRITICAL] WhatsApp Vulnerabilities: Automatically Discover and Remediate Using VMDR for Mobile Devices | Qualys
WhatsApp has recently fixed critical and high-severity vulnerabilities affecting WhatsApp for Android, WhatsApp Business for Android, WhatsApp for iOS, and WhatsApp Business for iOS. The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity security warning for WhatsApp users in India. It has again confirmed that businesses need a mobile security solution to secure their devices.
### Remote Code Execution (RCE) Vulnerability: CVE-2021-24026
WhatsApp released a patch to fix the RCE critical vulnerability (CVE-2021-24026). This vulnerability has a CVSSv3 base score of 9.8 and should be prioritized for patching. It affects assets running:
- WhatsApp for Android prior to v2.21.3
- WhatsApp Business for Android prior to v2.21.3
- WhatsApp for iOS prior to v2.21.32
- Wh
Published: 2021-04-06