WhatsApp version 2.18.61 suffers from a memory corruption vulnerability.
05f98770c14444ad83cddd23fdf265911dab07c1540b1184699a7badf9180432RTLO injection URI spoofing generator for WhatsApp, iMessage, Instagram, and Facebook Messenger.
8add20e505d85dfcd1125eb892d0726f12751ed7cff691329973ac7c8d3c4a25Whitepaper that gives an analysis of the remote code execution vulnerability noted in CVE-2019-11932 for WhatsApp that affects versions prior to 2.19.244. Written in Spanish.
7866772d314829babcae8d60f3a6173f7e55759aac6e5184ca91290e471e6320Whitepaper discussing how to leverage the WhatsApp remote code execution vulnerability that takes advantage of a double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library.
feb7a40a9b13488a6d0ac0a4f65701a08a6a1d9b083b8c2771168f17e21baef5Proof of concept exploit that leverages a double-free in the DDGifSlurp function in decoding.c in the android-gif-drawable library in order to achieve remote code execution in WhatsApp.
1c2d3f70903b9b13321a6f3f46689c943f4e16a2256386af7669b84810563623WhatsApp Desktop version 0.3.9308 suffers from a persistent cross site scripting vulnerability.
92e40eb6061e659675b76d4c9cead134b84c467d9f33ed0ad867dc0747766250A double free vulnerability in the DDGifSlurp function in decoding.c in libpl_droidsonroids_gif before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service. CVE-2019-11932 is a vulnerability in the android-gif-drawable library. Yet the CVE text doesn't mention "android-gif-drawable". It only mentions WhatsApp. There could be over 28,400 free Android apps that use this library.
deb671a58483113fa01c7556131f6c1924fc8c60528a056679836812d446ff89Whatsapp version 2.19.216 suffers from a remote code execution vulnerability.
b1c4e9d5cd54513f408c1ec9d9017cd31cfa52c3bd2ca8b5bc7e8a9fe88994d1WhatsApp suffers from a heap corruption vulnerability in RTP processing.
e053dae6b5c926d9d1c66aa29e059009fecb9861a5a9937ccd1fa50f7ffcea53WhatsApp version 2.18.31 on iOS suffers from a remote memory corruption vulnerability.
ff92e1c85fb8bd8ac7902fd96cddf503538f3176b7b042ad1dbbfe8fb8038ef6WhatsApp versions 2.17.52 and below suffer from a memory corruption vulnerability that can result in a denial of service.
938e528baacd94eea2f9b0cdc6f120abd8230c01d83a66a10d0b34e7c45314cdWhatsApp Messenger for Android does not delete sent and received files from the SD card on the device when chats are cleared, deleted or the application is uninstalled from the device. Additionally, the application stores sent and received files in the SD card without encryption where they are accessible to any applications with storage permissions.
33e5802bd2f7506103d2ccc503733ef058009d057af1f25c56e0615d0d99772fWhatsApp suffers from a DLL hijacking vulnerability.
5edfc503a7aaa97cdd3ee4b9e0a61279e5db0110de4e6e57333a56e62653ad04The WhatsApp iOS application appears to suffer from a buffer overflow condition when receiving a malicious location message.
c8cbbfa784fa9dc86d64bfc86141fcad9c0be3d44088932960751c9fa3ec7913WhatsApp suffers from a remote reboot/crash vulnerability on Android versions 2.11.476 and below.
5879d8bdbd46acb54cdb8b4d551d83b50cb7473bcd56f684c9481ecf433fa1beThis whitepaper is a walk through on how to extract msgstore.db.crypt5 from WhatsApp on Android and using tools to break crypt5.
68ad521e10670bbb65c0d7b97ed8b497b83fd054c87bf2fe62d0596ebb035636WhatsApp fails to secure communications when spawning functionality for Google Wallet and Paypal. Versions 2.9.6447 through 2.10.751 are affected.
260e26aeec72763f25b273ccb4f424dd4aeffd1b74f89099d65012fdf72375d4This is a slim exploit that will change the WhatsApp user status remotely.
8f1798fb095f631b8c7bd66e9d6ce857746b6d417745cd1e813ce1524b09572dSecunia Security Advisory - A security issue has been reported in WhatsApp Messenger, which can be exploited by malicious people to disclose potentially sensitive information.
f6dab7cea0114aa4f9a02710e16d749887c9dcf167be5d37f3a8265bd2b3cd7cThe WhatsApp tool suffers from arbitrary user status updating, registration bypass and plaintext protocol vulnerabilities.
0616c7aaaea8c5766787ad6d89a5f5e1a9b8c80dda620060d4f23fe8f25ffa06
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed