CVE-2021-24035
📋 TL;DR
This vulnerability allows attackers to perform path traversal attacks when WhatsApp processes ZIP archives, potentially overwriting critical WhatsApp files. It affects WhatsApp for Android and WhatsApp Business for Android users running versions before 2.21.8.13.
💻 Affected Systems
- WhatsApp for Android
- WhatsApp Business for Android
📦 What is this software?
WhatsApp by WhatsApp
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of WhatsApp data and functionality, including message interception, account takeover, or installation of malicious code.
Likely Case
Corruption of WhatsApp files leading to app crashes, data loss, or denial of service.
If Mitigated
Limited impact if only non-critical files are overwritten, but still potential for data integrity issues.
🎯 Exploit Status
Exploitation requires the user to receive and open a malicious ZIP file via WhatsApp.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.21.8.13 and later
Vendor Advisory: https://www.whatsapp.com/security/advisories/2021/
Restart Required: Yes
Instructions:
1. Open Google Play Store.
2. Search for WhatsApp.
3. Tap Update.
4. Restart WhatsApp after update completes.
🔧 Temporary Workarounds
Disable automatic media download
Prevents automatic processing of ZIP files received via WhatsApp.
Open WhatsApp Settings > Storage and Data > Media Auto-Download > Disable all options
🧯 If You Can't Patch
- Avoid opening ZIP files received via WhatsApp from untrusted sources.
- Use alternative messaging apps until WhatsApp can be updated.
🔍 How to Verify
Check if Vulnerable:
Check WhatsApp version in Settings > Help > App Info.
Check Version:
Not applicable for Android apps; check via app settings.
Verify Fix Applied:
Confirm WhatsApp version is 2.21.8.13 or higher.
📡 Detection & Monitoring
Log Indicators:
- Unusual file operations in WhatsApp data directory
- Multiple file overwrite attempts
Network Indicators:
- ZIP file transfers to WhatsApp users
SIEM Query:
Not typically applicable for mobile app vulnerabilities.