CVE-2021-24041

9.8 CRITICAL

📋 TL;DR

A missing bounds check in WhatsApp's image blurring code allows an attacker to trigger an out-of-bounds write by sending a crafted image. Depending on what the write corrupts, the result ranges from an application crash to remote code execution in the WhatsApp process. Affects WhatsApp for Android and WhatsApp Business for Android prior to v2.21.22.7.
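
The bug class described above, shown as an added illustration rather than WhatsApp's code (which is not public): a horizontal box blur that trusts the width and height declared in the image header, beside a hardened version that checks those dimensions against the bytes actually decoded before touching memory. The `image_t` record, the function names and the sample pixel data are hypothetical and constructed for this example.

```c
/* Added illustration of the bug class, not WhatsApp's code: a horizontal
 * box blur that trusts width/height from the image header. The image_t
 * record, the function names and the sample pixels are all hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint32_t       width;       /* declared by the file header (attacker-controlled) */
    uint32_t       height;      /* declared by the file header (attacker-controlled) */
    const uint8_t *pixels;      /* 8-bit greyscale, row-major */
    size_t         pixels_len;  /* bytes actually decoded into the buffer */
} image_t;

/* VULNERABLE: iterates over header-declared dimensions with no check that
 * width*height fits the decoded buffer or the output buffer. A crafted
 * header makes index i run past both, reading and writing out of bounds.
 * Never call this directly on untrusted input. */
static void blur_rows_unchecked(const image_t *img, uint8_t *out)
{
    for (uint32_t y = 0; y < img->height; y++) {
        for (uint32_t x = 0; x < img->width; x++) {
            size_t i = (size_t)y * img->width + x;
            unsigned sum = img->pixels[i], n = 1;
            if (x > 0)              { sum += img->pixels[i - 1]; n++; }
            if (x + 1 < img->width) { sum += img->pixels[i + 1]; n++; }
            out[i] = (uint8_t)(sum / n);   /* the out-of-bounds write when i >= buffer size */
        }
    }
}

/* HARDENED: check the header against reality before touching memory.
 * Returns 0 on success, -1 if the image is rejected. */
static int blur_rows_checked(const image_t *img, uint8_t *out, size_t out_len)
{
    if (img->width == 0 || img->height == 0)
        return -1;
    if (img->width > SIZE_MAX / img->height)      /* width*height would wrap */
        return -1;
    size_t need = (size_t)img->width * img->height;
    if (need > img->pixels_len || need > out_len) /* header claims more than exists */
        return -1;
    blur_rows_unchecked(img, out);                /* every index < need is now in bounds */
    return 0;
}

/* Constructed sample: 16 decoded bytes, alternating black/white. */
static const uint8_t SAMPLE[16] = { 0,255,0,255, 0,255,0,255, 0,255,0,255, 0,255,0,255 };
/* Scratch output buffer shared by the scenarios below. */
static uint8_t OUT[16];

/* Scenario helpers so the outcomes can be asserted, not just printed. */
static int scenario_consistent_header(void)   /* honest header: 4x4 over 16 bytes */
{
    image_t img = { 4, 4, SAMPLE, sizeof SAMPLE };
    return blur_rows_checked(&img, OUT, sizeof OUT);
}
static int scenario_header_lies(void)         /* crafted header: 64x64 over 16 bytes */
{
    image_t img = { 64, 64, SAMPLE, sizeof SAMPLE };
    return blur_rows_checked(&img, OUT, sizeof OUT);
}
static int scenario_dims_overflow(void)       /* 65536x65536: product wraps on 32-bit */
{
    image_t img = { 0x10000, 0x10000, SAMPLE, sizeof SAMPLE };
    return blur_rows_checked(&img, OUT, sizeof OUT);
}
static unsigned blurred_pixel(size_t i)       /* read back a blurred byte */
{
    return OUT[i];
}

int main(void)
{
    printf("consistent 4x4 header : %s\n", scenario_consistent_header() == 0 ? "blurred" : "rejected");
    printf("first blurred row     : %u %u %u %u\n",
           blurred_pixel(0), blurred_pixel(1), blurred_pixel(2), blurred_pixel(3));
    printf("header claims 64x64   : %s\n", scenario_header_lies() == 0 ? "blurred" : "rejected");
    printf("header claims 65536^2 : %s\n", scenario_dims_overflow() == 0 ? "blurred" : "rejected");
    return 0;
}
```

The hardened path rejects two distinct lies a header can tell: dimensions whose product exceeds what was decoded, and dimensions whose product wraps `size_t` so that a naive `width * height` comparison would pass. Both checks have to come before the first array access; a check placed inside the loop is already too late for the read of `pixels[i]`.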

💻 Affected Systems

Products:
  • WhatsApp for Android
  • WhatsApp Business for Android
Versions: All versions prior to v2.21.22.7
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: The vendor advisory lists only the Android builds of WhatsApp and WhatsApp Business; iOS and desktop builds are not listed as affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution inside the WhatsApp process. Android sandboxes the app, so full device compromise, theft of data outside WhatsApp, or installation of persistent malware would additionally require a privilege escalation, but WhatsApp's own messages, media and contacts are exposed directly.

🟠 Likely Case

Application crash (denial of service), or limited memory corruption that could be leveraged for further exploitation.

🟢 If Mitigated

No impact once v2.21.22.7 or later is installed; the fixed release contains the missing bounds check.

🌐 Internet-Facing: HIGH - Any WhatsApp account that can message the victim can deliver the crafted image; no network exposure beyond normal WhatsApp use is needed.
🏢 Internal Only: LOW - The attack arrives through the messaging platform, not through internal network services, so network segmentation does not reduce exposure.

🎯 Exploit Status

Public PoC: No
Weaponized: Unknown
Unauthenticated Exploit: No (the attacker needs a WhatsApp account able to message the target)
Complexity: Medium

Exploitation requires the attacker to send a crafted image that the victim's client receives and processes. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.21.22.7 and later

Vendor Advisory: https://www.whatsapp.com/security/advisories/2021/

Restart Required: Yes

Instructions:

1. Open the Google Play Store.
2. Search for WhatsApp or WhatsApp Business.
3. Tap Update if an update is offered.
4. Restart the app after the update completes.

🔧 Temporary Workarounds

Disable automatic media download (Android)

Stops WhatsApp from fetching incoming images before you choose to open them, which reduces how much untrusted image data the client processes unprompted.

Open WhatsApp Settings > Storage and Data > Media Auto-Download and disable every option (mobile data, Wi-Fi, roaming).

Caveat: the advisory does not say whether the vulnerable blurring code runs only on downloaded images or also on the small preview thumbnail carried in the message itself, so treat this as exposure reduction, not a substitute for the update.

🧯 If You Can't Patch

  • Uninstall vulnerable WhatsApp versions until the device can be updated, or move users to an alternative messaging platform that is kept current
  • Disable WhatsApp notifications (which can render image previews) and avoid opening images from unknown contacts; memory-safety bugs in media parsing can trigger during processing rather than on deliberate viewing, so this only narrows the window

🔍 How to Verify

Check if Vulnerable:

Open WhatsApp Settings > Help > App Info and read the version. Anything below 2.21.22.7 is vulnerable.

Check Version:

No separate command is needed on a single handset; use the app settings as above. For managed fleets, the installed versionName can also be read from the device's package manager via adb or from your MDM's app inventory (package names com.whatsapp and com.whatsapp.w4b).

Verify Fix Applied:

Confirm WhatsApp (or WhatsApp Business) reports version 2.21.22.7 or higher in Settings > Help > App Info.

📡 Detection & Monitoring

Log Indicators:

  • WhatsApp (com.whatsapp / com.whatsapp.w4b) native crashes with memory-corruption signatures (SIGSEGV, SIGABRT) in device logs or MDM crash telemetry
  • Repeated image processing failures correlated with receipt of a specific message

Network Indicators:

  • Limited: WhatsApp media is end-to-end encrypted, so network sensors cannot inspect image content or metadata. At most, unusually large media transfers to a device can be noted.

SIEM Query:

Not applicable: this is a client-side vulnerability on mobile devices. Track exposure through MDM app-version inventory (flag installs below 2.21.22.7) rather than network telemetry.

🔗 References

  • WhatsApp Security Advisories (2021): https://www.whatsapp.com/security/advisories/2021/
  • NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-24041