Full Report
Weeks after a researcher reported the bug to WhatsApp, the company says it rolled out a long-term fix.
Analysis Summary
# Vulnerability: WhatsApp 'View Once' Media Viewing Bypass
## CVE Details
- CVE ID: Not explicitly assigned in the text.
- CVSS Score: Not explicitly provided in the text.
- CWE: Not explicitly provided in the text. (Likely related to Improper Access Control or Input Validation)
## Affected Systems
- Products: WhatsApp (Messaging application provided by Meta)
- Versions: Versions prior to the deployed fix (Specific version numbers are not detailed in the summary).
- Configurations: Users utilizing the 'View Once' feature for sending media (photos/videos).
## Vulnerability Description
A security flaw existed in WhatsApp's implementation of the 'View Once' privacy feature, which is designed to allow media to be viewed only a single time before disappearing. This bug allowed recipients to bypass this privacy control and save, forward, or share the 'View Once' media indefinitely. The researcher reportedly found a method to extract and save the media even after the intended viewing period expired or the view-once restriction was triggered.
## Exploitation
- Status: The report states that a researcher found and reported the bug, which implies a working proof-of-concept existed; it does not state that the bug was exploited in the wild.
- Complexity: Not specified. Bypassing a primary privacy feature generally implies at least Medium complexity, since it requires manipulating the app's state or its handling of media files.
- Attack Vector: Likely Local, on the recipient's device, requiring user interaction after the message is received.
## Impact
- Confidentiality: **High**. Sensitive or private media intended to disappear could be permanently saved and retained by the recipient.
- Integrity: **Low/Medium**. Integrity of the media itself is not altered, but the integrity of the platform's imposed limitation is broken.
- Availability: **Not Affected**.
## Remediation
### Patches
- WhatsApp rolled out a long-term fix for the vulnerability after the bug was reported. Users are advised to update to the latest version of WhatsApp available on their respective app stores.
### Workarounds
- No specific workarounds were detailed other than updating the application. As a general mitigation until updating, one might avoid sharing highly sensitive media via 'View Once' messages.
## Detection
- Detection methods for this vulnerability would primarily involve monitoring for unusual file creation or storage activity in media caches after a 'View Once' message is viewed. This is application-specific and difficult to observe with standard network monitoring, so updating the software remains the primary safeguard.
- Indicators of compromise (IoCs): 'View Once' content observed in local storage after the intended viewing period has passed.
## References
- Vendor advisories: The report only mentions that the bug was reported to WhatsApp, leading to a fix.
- Relevant links (defanged):
  - https://techcrunch.com/2024/12/09/whatsapp-fixes-bug-that-let-users-bypass-view-once-privacy-feature/