PT-2017-18515 · Facebook · Whatsapp Messenger

Yakov Shafranovich · Published 2017-05-18 · Updated 2024-08-05 · CVE-2017-8769

CVSS v3.1: 4.6 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Facebook WhatsApp Messenger versions prior to 2.16.323 for Android

Description

The application stores files associated with a chat, such as Audio, Documents, Images, Video, and Voice Notes, in cleartext on the SD card, even after the chat is deleted. This may contradict user expectations of file deletion or encryption, given the app's use of an encrypted database for chat text. The vendor does not consider this a security issue, as users may want to preserve files for use in other apps.

Recommendations

For versions prior to 2.16.323, update to version 2.16.323 or later to ensure that files associated with deleted chats are handled as expected. As a temporary workaround, consider manually reviewing and deleting files stored on the SD card that are associated with deleted chats. Restrict access to the SD card to minimize the risk of unauthorized access to these files.

Exploit

Fix

Weakness Enumeration

Missing Encryption of Sensitive Data

Related Identifiers

CVE-2017-8769

Affected Products

Whatsapp Messenger