PT-2020-15162 · Facebook+1 · Whatsapp+2

Published

2020-11-03

Updated

2020-11-13

CVE-2020-1908

CVSS v3.1

4.6

Medium

Vector

AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions WhatsApp versions prior to 2.20.100 WhatsApp Business versions prior to 2.20.100

Description The issue concerns improper authorization of the Screen Lock feature, which could allow Siri to interact with the WhatsApp application even after the phone is locked. This could potentially permit unauthorized access to the application's functionality.

Recommendations For WhatsApp versions prior to 2.20.100, update to version 2.20.100 or later. For WhatsApp Business versions prior to 2.20.100, update to version 2.20.100 or later.

Fix

Improper Authorization

Files Accessible to External Parties

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-552

Related Identifiers

CVE-2020-1908

Affected Products

Siri

Whatsapp Business

PT-2020-15162 · Facebook+1 · Whatsapp+2

CVE-2020-1908

Weakness Enumeration

Related Identifiers

Affected Products

References · 4