The vulnerability was identified as CVE-2021-24026 (CVSS score: 9.8) and is now patched.
Exploiting it could have allowed attackers to remotely corrupt data, cause a denial-of-service (DoS), or achieve remote code execution (RCE).
The description for the CVE record is listed below:
A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.
The vulnerability existed due to the lack of a boundary check when processing audio calls.
This allowed a remote attacker to craft a specially made audio stream during a phone call, which then triggered an out-of-bounds read and write, allowing the attacker to execute arbitrary code on the victim's device.
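The bug class described above, as an added example: this is not WhatsApp's code (the vulnerable location was never published), and the packet layout, the names and `FRAME_MAX` are assumptions constructed for illustration. It shows the two bounds checks a decoder needs before copying attacker-supplied audio into a fixed buffer, and which fault each one prevents.

```c
#include <stddef.h>
#include <stdint.h>

#define FRAME_MAX 960   /* capacity of the decoder's output buffer, in samples */
#define HDR_LEN   3     /* 1 byte channels + 2 bytes big-endian samples per channel */

enum { DEC_OK = 0, DEC_TRUNCATED = -1, DEC_BAD_CHANNELS = -2, DEC_TOO_LARGE = -3 };

/* Hypothetical packet layout (constructed for this example):
 *   [channels:u8][samples_per_channel:u16 BE][PCM samples: i16 BE ...]
 * Copies the samples into out[] and stores the count in *n_out.
 * Every length taken from the packet is checked against both the bytes
 * actually received and the capacity of the destination buffer. */
int decode_frame(const uint8_t *pkt, size_t pkt_len,
                 int16_t out[FRAME_MAX], size_t *n_out)
{
    if (pkt == NULL || out == NULL || n_out == NULL || pkt_len < HDR_LEN)
        return DEC_TRUNCATED;

    size_t channels = pkt[0];
    size_t per_chan = ((size_t)pkt[1] << 8) | pkt[2];
    if (channels < 1 || channels > 2)
        return DEC_BAD_CHANNELS;

    /* At most 2 * 65535, so this multiplication cannot overflow size_t. */
    size_t total = channels * per_chan;

    /* Without this check the loop below writes past out[]: out-of-bounds write. */
    if (total > FRAME_MAX)
        return DEC_TOO_LARGE;

    /* Without this check the loop below reads past pkt[]: out-of-bounds read. */
    if (pkt_len - HDR_LEN < total * sizeof(int16_t))
        return DEC_TRUNCATED;

    const uint8_t *p = pkt + HDR_LEN;
    for (size_t i = 0; i < total; i++, p += 2)
        out[i] = (int16_t)(uint16_t)((p[0] << 8) | p[1]);

    *n_out = total;
    return DEC_OK;
}
```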
The Facebook-owned platform publicized the vulnerability in April of 2021.
However, it did not disclose exactly where the flaw was located because it was so critical.
CVE-2021-24027 (CVSS score: 7.5) was also disclosed the same month following CVE-2021-24026.
This was certainly not a good month for WhatsApp 😐