WhatsApp Cloud Service Sandbox Bypass Vulnerability Allowing Paragon Spyware Deployment

Vulnerability

A vulnerability in the WhatsApp cloud service, present prior to late 2024, allowed certain crafted PDF files to bypass sandbox protections. This flaw enabled remote access to messaging applications by third parties. The vulnerability was exploited in 2024 to deploy Android malware linked to Paragon Solutions, targeting journalists and activists in Italy.

Impact

Exploitation of this vulnerability allowed for a zero-click injection of Paragon's Graphite spyware into WhatsApp on Android devices. Once installed, the spyware could access WhatsApp messages and intercept communications from other messaging applications on the device.

Reproduction

The vulnerability was reproduced by adding targets to a WhatsApp group and sending a crafted PDF. The PDF exploited the sandbox bypass, allowing the Graphite spyware to be injected into WhatsApp.

Remediation

WhatsApp has patched this vulnerability, removing the exploit vector without requiring a client-side fix.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.4
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.