WhatsApp apps prior to specific versions are prone to an out-of-bounds write vulnerability. Learn the impact, technical details, and mitigation strategies.
WhatsApp applications for various platforms were affected by a vulnerability that could lead to an out-of-bounds write during a 1:1 call with a malicious user.
Understanding CVE-2021-24042
This CVE impacts WhatsApp Desktop, WhatsApp for KaiOS, WhatsApp Business for iOS, WhatsApp for iOS, WhatsApp Business for Android, and WhatsApp for Android.
What is CVE-2021-24042?
A vulnerability in the calling logic of the WhatsApp apps could allow an out-of-bounds write when a user makes a 1:1 call to a malicious actor.
The Impact of CVE-2021-24042
If exploited, this vulnerability could let an attacker write outside the bounds of an allocated buffer, potentially enabling arbitrary code execution or an application crash.
Technical Details of CVE-2021-24042
The following technical details outline the vulnerability.
Vulnerability Description
A heap-based buffer overflow vulnerability (CWE-122) was discovered in the affected WhatsApp applications.
Affected Systems and Versions
Exploitation Mechanism
A malicious user could exploit the vulnerability during a 1:1 call, potentially causing an out-of-bounds write on the heap.
Mitigation and Prevention
To address CVE-2021-24042, users and administrators can take the following steps.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Stay informed about security patches released by WhatsApp and apply them promptly to mitigate the risk of exploitation.