CVE-2020-1907
📋 TL;DR
A stack overflow vulnerability in WhatsApp's RTP Extension header parsing allows remote attackers to execute arbitrary code on affected devices. This affects WhatsApp and WhatsApp Business on Android, iOS, and Portal platforms. Successful exploitation could give attackers full control over the device.
💻 Affected Systems
- WhatsApp for Android
- WhatsApp Business for Android
- WhatsApp for iOS
- WhatsApp Business for iOS
- WhatsApp for Portal
📦 What is this software?
Whatsapp by Whatsapp
Whatsapp by Whatsapp
Whatsapp by Whatsapp
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise allowing data theft, surveillance, and persistent access to all device functions and data.
Likely Case
Remote code execution leading to data exfiltration, malware installation, or device takeover.
If Mitigated
No impact if patched versions are installed and no vulnerable versions are in use.
🎯 Exploit Status
Exploitation requires sending specially crafted RTP packets, which could be delivered via malicious calls or manipulated network traffic.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Android v2.20.196.16+, WhatsApp Business Android v2.20.196.12+, iOS v2.20.90+, WhatsApp Business iOS v2.20.90+, Portal v173.0.0.29.505+
Vendor Advisory: https://www.whatsapp.com/security/advisories/2020/
Restart Required: No
Instructions:
1. Open WhatsApp app store (Google Play Store or Apple App Store). 2. Check for updates. 3. Install the latest version. 4. The app will automatically update without requiring restart.
🔧 Temporary Workarounds
Disable WhatsApp Calls
allPrevent RTP-based exploitation by disabling voice/video calls in WhatsApp settings.
Network Filtering
allBlock RTP traffic to WhatsApp at network perimeter to prevent exploitation attempts.
🧯 If You Can't Patch
- Disable WhatsApp completely until patched versions can be installed.
- Use alternative secure communication platforms that are not vulnerable.
🔍 How to Verify
Check if Vulnerable:
Check WhatsApp version in app settings: Settings > Help > App Info. Compare against vulnerable versions listed above.Check Version:
Not applicable - check version in app settings menu.Verify Fix Applied:
Confirm version is equal to or higher than patched versions: Android v2.20.196.16+, WhatsApp Business Android v2.20.196.12+, iOS v2.20.90+, WhatsApp Business iOS v2.20.90+, Portal v173.0.0.29.505+.📡 Detection & Monitoring
Log Indicators:
- Unexpected app crashes
- Memory access violations in system logs
- Suspicious process creation from WhatsApp
Network Indicators:
- Malformed RTP packets to WhatsApp ports
- Unusual network traffic patterns from WhatsApp
SIEM Query:
Not applicable - mobile app vulnerability with limited enterprise logging.