CVE-2021-24042: 
WhatsApp vulnerability analysis and mitigation

A vulnerability in WhatsApp's calling logic was identified, tracked as CVE-2021-24042. The issue affected multiple versions of WhatsApp applications including WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, and WhatsApp Desktop prior to v2.2146. The vulnerability was discovered and assigned on January 13, 2021 (CVE MITRE).

The vulnerability is characterized as an out-of-bounds write condition that could be triggered when a user makes a 1:1 call to a malicious actor. The issue has been classified under CWE-787 (Out-of-bounds Write) and CWE-122 categories (NVD CNA).

The vulnerability could potentially allow an attacker to execute malicious code through the exploitation of the out-of-bounds write condition during a one-to-one call scenario (NVD).

The vulnerability has been addressed through updates to all affected WhatsApp applications. Users should ensure they are running WhatsApp for Android v2.21.23 or later, WhatsApp Business for Android v2.21.23 or later, WhatsApp for iOS v2.21.230 or later, WhatsApp Business for iOS v2.21.230 or later, WhatsApp for KaiOS v2.2143 or later, and WhatsApp Desktop v2.2146 or later (WhatsApp Advisory).