Allele Security Alert
A URL validation issue could have caused the recipient of a sticker message to load an image from a sender-controlled URL
WhatsApp for Android versions before v2.20.11
WhatsApp Business for Android versions before v2.20.2
WhatsApp for Android version v2.20.11
WhatsApp Business for Android version v2.20.2
Proof of concept
A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction.
WhatsApp Security Advisories
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: September 9, 2020