VYPR

WhatsApp for iPhone

by Whatsapp

CVEs (6)

  • CVE-2019-18426HigKEVJan 21, 2020
    risk 0.74cvss 8.2epss 0.68

    A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted…

  • CVE-2018-6350CriJun 14, 2019
    risk 0.64cvss 9.8epss 0.02

    An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to…

  • CVE-2018-20655CriJun 14, 2019
    risk 0.64cvss 9.8epss 0.02

    When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for iOS prior to v2.18.90.24 and WhatsApp Business for iOS prior to v2.18.90.24.

  • CVE-2020-1894HigSep 3, 2020
    risk 0.57cvss 8.8epss 0.02

    A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30 could have allowed arbitrary code execution when playing a specially…

  • CVE-2025-55177MedKEVAug 29, 2025
    risk 0.47cvss 5.4epss 0.04

    Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a…

  • CVE-2025-55179MedNov 18, 2025
    risk 0.35cvss 5.4epss 0.00

    Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We…