Description
Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.whatsapp.com/security/advisories/2020/
Scores
CVSS v3
4.6
EPSS
0.0029
EPSS Percentile
20.3%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-552
CWE-285
Status
published
Products (2)
whatsapp/whatsapp
< 2.20.100
whatsapp/whatsapp_business
< 2.20.100
Published
Nov 03, 2020
Tracked Since
Feb 18, 2026