====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN210
_____________________________________________________________________

DATE                : 12/04/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Android, iOS running WhatsApp, WhatsApp Business
                          versions prior to 2.21.4.18,
      iOS running WhatsApp, WhatsApp Business versions prior to 2.21.32.

=====================================================================
https://www.whatsapp.com/security/advisories/2021/
_____________________________________________________________________

WhatsApp Security Advisories
2021 Updates

April Update


CVE-2021-24027
A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and
WhatsApp Business for Android v2.21.4.18 may have allowed a third party
with access to the device’s external storage to read cached TLS
material.


CVE-2021-24026
A missing bounds check within the audio decoding pipeline for WhatsApp
calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for
Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and
WhatsApp Business for iOS prior to v2.21.32 could have allowed an
out-of-bounds write.

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================