Stack-based Overflow in WhatsApp for iOS Product by Facebook
CVE-2018-20655

9.8CRITICAL

Key Information:

Vendor: Facebook
Status: WhatSAPp For iOS; WhatSAPp Business For iOS
Vendor: CVE Published:; 14 June 2019

What is CVE-2018-20655?

A vulnerability in WhatsApp for iOS allows attackers to exploit a stack-based overflow due to a missing size check when parsing packets from a sender. This security flaw could potentially be triggered when users receive calls, affecting both regular and business versions of the app prior to version 2.18.90.24.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WhatsApp Business for iOS 2.18.90.24

WhatsApp Business for iOS < 2.18.90.24

WhatsApp for iOS 2.18.90.24

References

https://www.facebook.com/security/advisories/cve-2018-20655/

x_refsource_MISC

http://www.securityfocus.com/bid/108805

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 14, 2019
Vulnerability Reserved
Jan 2, 2019

JSON

Facebook

What is CVE-2018-20655?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.