CVE-2020-1908
First published: Tue Nov 03 2020(Updated: )
Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked.
Credit: cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Whatsapp Whatsapp | <2.20.100 | |
| Whatsapp Whatsapp Business | <2.20.100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-1908?
CVE-2020-1908 is a vulnerability in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 that allows unauthorized access to the application using Siri even when the phone is locked.
How severe is CVE-2020-1908?
CVE-2020-1908 has a severity rating of 4.6, which is considered medium.
How does CVE-2020-1908 affect WhatsApp and WhatsApp Business?
CVE-2020-1908 affects WhatsApp and WhatsApp Business for iOS prior to v2.20.100 where Siri can be used to interact with the app even if the phone is locked.
How can I fix CVE-2020-1908?
To fix CVE-2020-1908, update WhatsApp and WhatsApp Business to version v2.20.100 or later.
Where can I find more information about CVE-2020-1908?
You can find more information about CVE-2020-1908 in the WhatsApp security advisories at https://www.whatsapp.com/security/advisories/2020/
- collector/nvd-index
- agent/weakness
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/whatsapp
- canonical/whatsapp whatsapp
- canonical/whatsapp whatsapp business