CVE-2020-1903 affects WhatsApp for iOS and WhatsApp Business for iOS, allowing a denial of service through unzipping specific document types.
WhatsApp for iOS and WhatsApp Business for iOS versions prior to 2.20.61 are affected by a vulnerability that could lead to a denial of service when unzipping certain document types.
Understanding CVE-2020-1903
An overview of the vulnerability affecting WhatsApp for iOS and WhatsApp Business for iOS.
What is CVE-2020-1903?
In WhatsApp for iOS and WhatsApp Business for iOS versions before 2.20.61, unzipping specific document formats such as docx, pptx, and xlsx could exhaust memory and cause a denial of service.
The Impact of CVE-2020-1903
The vulnerability could result in a denial of service for the recipient when they open an attachment sent from a number that is not in their contacts.
Technical Details of CVE-2020-1903
Exploring the technical aspects of the vulnerability.
Vulnerability Description
The issue arises when unzipping docx, pptx, and xlsx files in WhatsApp for iOS and WhatsApp Business for iOS versions prior to 2.20.61, potentially leading to a denial of service due to out-of-memory conditions.
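The defensive pattern for this class of bug is to unzip docx, pptx, and xlsx containers under a hard memory budget. The Python sketch below is an added example, not WhatsApp's code or its actual fix; the function names, limits, and the constructed sample archive are all assumptions chosen for illustration.

```python
import io
import zipfile

# Assumed limits for this example; size them to the platform's memory budget.
MAX_MEMBERS = 2000
MAX_TOTAL_BYTES = 64 * 1024 * 1024
MAX_RATIO = 200
CHUNK = 64 * 1024

class ArchiveRejected(Exception):
    """Raised when an archive exceeds the extraction budget."""

def safe_read_ooxml(data, max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO):
    """Extract an OOXML (docx/pptx/xlsx) zip container under a byte budget."""
    out, total = {}, 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if len(infos) > MAX_MEMBERS:
            raise ArchiveRejected("too many members")
        # Cheap pre-check on declared sizes. Headers can lie, so the
        # streaming loop below still counts the bytes actually produced.
        if sum(i.file_size for i in infos) > max_total:
            raise ArchiveRejected("declared size over budget")
        for info in infos:
            if info.is_dir():
                continue
            buf = bytearray()
            with zf.open(info) as member:
                while chunk := member.read(CHUNK):
                    total += len(chunk)
                    buf += chunk
                    if total > max_total:
                        raise ArchiveRejected("extracted size over budget")
                    if len(buf) > max_ratio * max(info.compress_size, 1):
                        raise ArchiveRejected("compression ratio over limit")
            out[info.filename] = bytes(buf)
    return out

def build_sample(payload_size):
    """Constructed sample: a minimal zip with one highly compressible part."""
    raw = io.BytesIO()
    with zipfile.ZipFile(raw, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", b"A" * payload_size)
    return raw.getvalue()
```

The streaming loop matters more than the pre-check: it bounds memory even when the sizes recorded in the archive headers are inaccurate.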
Affected Systems and Versions
Exploitation Mechanism
To trigger the vulnerability, the receiver must explicitly open the attachment from a non-contact number in WhatsApp.
Mitigation and Prevention
Measures to address and prevent the exploitation of CVE-2020-1903.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Ensure timely installation of security patches and updates for WhatsApp and WhatsApp Business to mitigate the vulnerability.