CVE-2021-24027
Published 2021-04-06
Priority P343 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 3.81% (88.7th percentile)
A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| whatsapp_business_for_android | | — | — |
| whatsapp_for_android | | >= unspecified < v2.21.4.18 | v2.21.4.18 |
| | | < 2.21.4.18 | 2.21.4.18 |
| whatsapp_business | | < 2.21.4.18 | 2.21.4.18 |
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
No detection rules found.
No public exploits indexed.
Qualys
WhatsApp Vulnerabilities: Automatically Discover and Remediate Using VMDR for Mobile Devices | Qualys
blogs_qualys·2021-04-22·CVSS 9.8
CVE-2021-24026 [CRITICAL] WhatsApp Vulnerabilities: Automatically Discover and Remediate Using VMDR for Mobile Devices | Qualys
WhatsApp has recently fixed critical and high-severity vulnerabilities affecting WhatsApp for Android, WhatsApp Business for Android, WhatsApp for iOS, and WhatsApp Business for iOS. The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity security warning for WhatsApp users in India. It has again confirmed that businesses need a mobile security solution to secure their devices.
### Remote Code Execution (RCE) Vulnerability: CVE-2021-24026
WhatsApp released a patch to fix the RCE critical vulnerability (CVE-2021-24026). This vulnerability has a CVSSv3 base score of 9.8 and should be prioritized for patching. It affects assets running:
- WhatsApp for Android prior to v2.21.3
- WhatsApp Business for Android prior to v2.21.3
- WhatsApp for iOS prior to v2.21.32
- Wh