WhatsApp Allowed Attackers To Hack You Via Phone Calls.

The vulnerability was identified as CVE-2021-24026 (CVSS score: 9.8) and is now patched.

| OS | WhatsApp Version |
| --- | --- |
| iOS | v2.21.32 |
| Android | v2.21.3 |

WhatsApp (Calls & Business) is affected in versions prior to the version listed for each OS.


The exploit could have allowed attackers to remotely corrupt data, cause a denial-of-service (DoS), or achieve remote code execution (RCE).

The description for the CVE record is listed below:

A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24026
https://www.whatsapp.com/security/advisories/2021/

The vulnerability existed due to the lack of a boundary check when processing audio calls.
This allowed a remote attacker to send a specially crafted audio stream during a phone call, which then triggered an out-of-bounds read and write, allowing the attacker to execute arbitrary code on a victim's device.
The Facebook-owned platform publicized the vulnerability in April of 2021.
However, they did not disclose exactly where the vulnerability was located because it was so critical.
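
The bug class described above (a decoder trusting a length supplied by the sender), shown as an added C example that is not WhatsApp's code: the advisory gives no implementation details, so the frame layout, `PCM_CAPACITY`, and both function names are hypothetical. The unchecked decoder sits beside a version that validates every length before writing a sample.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PCM_CAPACITY 160 /* constructed: samples the output buffer holds */
enum decode_status { DECODE_OK = 0, DECODE_TRUNCATED = -1, DECODE_TOO_LARGE = -2 };

/* Constructed wire format (hypothetical, not WhatsApp's):
 *   bytes 0..1  sample count, big-endian
 *   bytes 2..   that many 16-bit little-endian PCM samples */

/* Unchecked form: the sender's count drives the loop, so a count above
 * PCM_CAPACITY writes past out[] and a count above what was received
 * reads past pkt[]. Shown for contrast only; never called here. */
void decode_frame_unchecked(const uint8_t *pkt, int16_t *out)
{
    size_t count = ((size_t)pkt[0] << 8) | pkt[1];
    for (size_t i = 0; i < count; i++)
        out[i] = (int16_t)(pkt[2 + 2 * i] | (pkt[3 + 2 * i] << 8));
}

/* Checked form: every length is validated before any sample is touched. */
int decode_frame_checked(const uint8_t *pkt, size_t pkt_len,
                         int16_t *out, size_t out_cap, size_t *written)
{
    if (pkt_len < 2)
        return DECODE_TRUNCATED;      /* header itself is incomplete */
    size_t count = ((size_t)pkt[0] << 8) | pkt[1];
    if (count > out_cap)
        return DECODE_TOO_LARGE;      /* would write past the destination */
    if ((pkt_len - 2) / 2 < count)
        return DECODE_TRUNCATED;      /* would read past the packet */
    for (size_t i = 0; i < count; i++)
        out[i] = (int16_t)(uint16_t)(pkt[2 + 2 * i] | (pkt[3 + 2 * i] << 8));
    *written = count;
    return DECODE_OK;
}

int main(void)
{
    /* Constructed input: header claims 0xFFFF samples, carries one. */
    const uint8_t oversized[] = { 0xFF, 0xFF, 0x01, 0x00 };
    int16_t pcm[PCM_CAPACITY];
    size_t n = 0;
    int rc = decode_frame_checked(oversized, sizeof oversized, pcm, PCM_CAPACITY, &n);
    printf("oversized frame -> status %d, samples written %zu\n", rc, n);
    return 0;
}
```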

CVE-2021-24027 (CVSS score: 7.5) was also disclosed the same month following CVE-2021-24026.

This was certainly not a good month for WhatsApp 😐