Описание
Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.25.8.14 (включая) до 2.25.23.83 (исключая)Версия от 2.25.8.17 (включая) до 2.25.23.73 (исключая)Версия от 2.25.8.14 (включая) до 2.25.23.82 (исключая)
Одно из
cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:macos:*:*
cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:iphone_os:*:*
EPSS
Процентиль: 10%
0.00034
Низкий
5.4 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.4
github
3 месяца назад
Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild.
EPSS
Процентиль: 10%
0.00034
Низкий
5.4 Medium
CVSS3
Дефекты
NVD-CWE-noinfo