Auth bypass in Facebook Whatsapp Business For Ios

CVE-2020-1908

Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked.

EPSS: 0.001 (30.2th percentile) — read the EPSS interpretation.

Affected products

Facebook Whatsapp Business For Ios — versions 2.20.100, unspecified
Facebook Whatsapp For Ios — versions 2.20.100, unspecified

Weakness classification (CWE)

CWE-285 — Improper Authorization

References

www.whatsapp.com/security/advisories/2020/ (x_refsource_CONFIRM)