{"id":3984,"date":"2021-04-19T09:27:51","date_gmt":"2021-04-19T07:27:51","guid":{"rendered":"https:\/\/xopero.com\/blog\/?p=3984"},"modified":"2025-12-01T09:27:53","modified_gmt":"2025-12-01T08:27:53","slug":"beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack","status":"publish","type":"post","link":"https:\/\/xopero.com\/blog\/en\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\/","title":{"rendered":"Beware! Two new WhatsApp bugs expose you to a man-in-the-middle attack"},"content":{"rendered":"\n<p>Android users have new reasons to worry\u2026 again. About a week ago, we provided information about the <a href=\"https:\/\/xopero.com\/blog\/en\/flixonline-if-you-too-have-this-app-installed-delete-it-now\/\">FlixOnline application<\/a>, whose operators were able to successfully bypass the application authentication system in the Google Play Store. This time we report two serious bugs found in WhatsApp. They enable the so-called \u2018man-in-the-disk\u2019 attack. What is it exactly? Attackers are able to manipulate the data exchanged between the application and external memory. Details can be found below.<\/p>\n\n\n\n<!--more-->\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<a name=\"paragraph-1\"><\/a>\n\n\n<h2 class=\"wp-block-heading\" id=\"new-whatsapp-bugs-couldve-let-attackers-remotely-hack-your-phone\"><strong>New WhatsApp bugs could&#8217;ve let attackers remotely hack your phone<\/strong><\/h2>\n\n\n<p>Recently, two security vulnerabilities were spotted in WhatsApp for Android. They could have been exploited to execute malicious code remotely on the device and even exfiltrate sensitive information.<\/p>\n\n\n\n<p>The flaws take aim at devices running Android versions up to and including Android 9 by carrying out a &#8220;man-in-the-disk&#8221; attack. 
It makes it possible for adversaries to compromise an app by manipulating certain data being exchanged between it and the external storage.<\/p>\n\n\n\n<p>The flaw (CVE-2021-24027) leverages Chrome&#8217;s support for content providers in Android (via the &#8220;content:\/\/&#8221; URL scheme) and a same-origin policy bypass in the browser (CVE-2020-6516), thereby allowing an attacker to send a specially crafted HTML file to a victim over WhatsApp, which, when opened in the browser, executes the code contained in the HTML file.<\/p>\n\n\n\n<p>All an attacker has to do is lure the victim into opening an HTML document attachment. WhatsApp will then render this attachment in Chrome, over a content provider, and the attacker&#8217;s JavaScript code will be able to steal the stored TLS session keys.<\/p>\n\n\n<h5 class=\"wp-block-heading\" id=\"whatsapp-bugs-a-mean-to-an-end\"><strong>WhatsApp bugs<\/strong> &#8211; a means to an end<\/h5>\n\n\n<p>Armed with the keys, a bad actor can then stage a man-in-the-middle attack to achieve remote code execution or even exfiltrate the Noise protocol key pairs.<\/p>\n\n\n\n<figure class=\"wp-block-embed aligncenter is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<div class=\"atbs-responsive-video\"><iframe loading=\"lazy\" title=\"CVE-2021-24027: Remote code execution in WhatsApp\" width=\"1200\" height=\"675\" src=\"https:\/\/www.youtube.com\/embed\/KO_K0F4W36I?start=31&#038;feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<\/div><\/figure>\n\n\n\n<p>Worse, the malicious code can be used to access any resource stored in the unprotected external storage area and expose sensitive information to any app that&#8217;s provisioned to read from or write to the 
external storage.<\/p>\n\n\n\n<p>WhatsApp users are advised to update to version 2.21.4.18 to mitigate the risk associated with the flaws.<\/p>\n\n\n\n<p><a href=\"https:\/\/thehackernews.com\/2021\/04\/new-whatsapp-bug-couldve-let-attackers.html\" target=\"_blank\" rel=\"noreferrer noopener\">Source<\/a><\/p>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<a name=\"paragraph-2\"><\/a>\n\n\n<h2 class=\"wp-block-heading\" id=\"hijacked-microsoft-exchange-used-to-host-cryptominer\"><strong>Hijacked Microsoft Exchange used to host cryptominer<\/strong><\/h2>\n\n\n<p>Cryptojacking can be added to the list of threats facing any unpatched Exchange servers that remain vulnerable to the ProxyLogon exploit. More than 92 percent of affected MS Exchange servers were patched, but the damage had already been done.<\/p>\n\n\n\n<p>Researchers at Sophos report that an unknown attacker is attempting to use a compromised Microsoft Exchange Server to deliver a malicious Monero cryptominer to other vulnerable Microsoft Exchange Servers. Because the cryptominer is hosted on a compromised Exchange Server, it may be easier for the attacker to deliver the payload to other vulnerable targets, as firewalls are less likely to block traffic between Exchange Servers.<\/p>\n\n\n\n<p class=\"has-light-gray-background-color has-background\">The executable files associated with this attack are detected as <strong>Mal\/Inject-GV<\/strong> and <strong>XMR-Stak Miner (PUA)<\/strong>.<\/p>\n\n\n\n<p><strong>The \u2018unusual attack\u2019<\/strong><\/p>\n\n\n\n<p>The attack begins with a PowerShell command to retrieve a file named win_r.zip from another compromised server\u2019s Outlook Web Access logon path (\/owa\/auth). 
The .zip file is not a compressed archive at all but a batch script that then invokes the built-into-Windows certutil.exe program to download two additional files, win_s.zip and win_d.zip, which also are not compressed.<\/p>\n\n\n\n<p>The batch script then runs another command that outputs the decoded executable into the same directory. Once decoded, the batch script runs the executable, which extracts the miner and configuration data from the QuickCPU.dat file, injects it into a system process, and then deletes any evidence that it was there.<\/p>\n\n\n\n<p><a href=\"https:\/\/news.sophos.com\/en-us\/2021\/04\/13\/compromised-exchange-server-hosting-cryptojacker-targeting-other-exchange-servers\/\" target=\"_blank\" rel=\"noreferrer noopener\">Source<\/a><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><a href=\"https:\/\/xopero.com\/resources\/git-backup-guide\/\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" width=\"800\" height=\"378\" src=\"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2021\/04\/git-guide-en.png\" alt=\"\" class=\"wp-image-3956\" style=\"width:596px;height:282px\"\/><\/a><\/figure>\n<\/div>\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<a name=\"paragraph-3\"><\/a>\n\n\n<h2 class=\"wp-block-heading\" id=\"smash-the-newest-rowhammer-attack-is-a-threat-to-your-ddr4-memory-card\"><strong>SMASH, the newest Rowhammer attack is a threat to your DDR4 memory card<\/strong><\/h2>\n\n\n<p>Rowhammer is an umbrella term that refers to a class of exploits that leverage a hardware design quirk in DDR4 systems. 
SMASH is its newest variant, which can be triggered from JavaScript on the latest DDR4 RAM cards despite mitigations implemented by manufacturers for about 5 years.<\/p>\n\n\n\n<p><strong>RAM card design<\/strong><\/p>\n\n\n\n<p>RAM cards store data in so-called memory cells (each consisting of a capacitor and a transistor) that are arranged in the form of a matrix. But the memory cells tend to lose their state over time and therefore require periodic reading and rewriting of each cell in order to restore the charge on the capacitor to its original level.<\/p>\n\n\n\n<figure class=\"wp-block-embed aligncenter is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-4-3 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<div class=\"atbs-responsive-video\"><iframe loading=\"lazy\" title=\"SMASH\" width=\"1200\" height=\"900\" src=\"https:\/\/www.youtube.com\/embed\/k2D4D-kF-ic?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<\/div><\/figure>\n\n\n\n<p><strong>To hell with old mitigations\u2026<\/strong><\/p>\n\n\n\n<p>To bypass Target Row Refresh (TRR) mitigations, SMASH carefully schedules cache hits and misses to trigger many-sided Rowhammer bit flips. 
This gives threat actors an arbitrary read\/write primitive in the browser.<\/p>\n\n\n\n<p>The exploit chain is initiated when a victim visits a malicious website under the adversary&#8217;s control or a legitimate website that contains a malicious ad, taking advantage of the Rowhammer bit flips triggered from within the JavaScript sandbox to gain control over the victim&#8217;s browser.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.exploitone.com\/vulnerabilities\/smash-the-new-variant-of-the-rowhammer-attack-that-puts-millions-of-users-at-risk\/\" target=\"_blank\" rel=\"noreferrer noopener\">Source<\/a><\/p>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<a name=\"paragraph-4\"><\/a>\n\n\n<h2 class=\"wp-block-heading\" id=\"solarmarker-hackers-flood-the-web-with-100k-sites-offering-malicious-pdfs\"><strong>SolarMarker<\/strong> <strong>hackers flood the web with 100K sites offering malicious PDFs<\/strong><\/h2>\n\n\n<p>Cybercriminals are resorting to search engine poisoning techniques to lure business professionals onto seemingly legitimate Google sites that install a Remote Access Trojan (RAT) capable of carrying out a wide range of attacks.<\/p>\n\n\n\n<p>The attack starts by leveraging searches for business forms such as invoices, templates, questionnaires, and receipts as a stepping stone toward infiltrating victims&#8217; systems. 
Once the user attempts to download the alleged document template, they are redirected, without their knowledge, to a malicious website that hosts the RAT.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2023\/10\/google.jpg\"><img decoding=\"async\" width=\"728\" height=\"519\" src=\"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2023\/10\/google.jpg\" alt=\"\" class=\"wp-image-5256\"\/><\/a><figcaption class=\"wp-element-caption\">Source: <a href=\"https:\/\/thehackernews.com\/2021\/04\/yikes-cybercriminals-flood-intrenet.html\" target=\"_blank\" rel=\"noreferrer noopener\">The Hacker News<\/a><\/figcaption><\/figure>\n<\/div>\n\n\n<p>According to eSentire researchers, once the RAT gets activated on the victim&#8217;s computer, attackers can send commands and upload additional malware, such as ransomware, a credential stealer, or a banking trojan, or simply use the RAT, called SolarMarker (aka Yellow Cockatoo, Jupyter, and Polazert), as a foothold in the victim&#8217;s network.<\/p>\n\n\n\n<p>The firm said it discovered over 100,000 unique web pages that contain popular business terms or keywords such as template, invoice, questionnaire, resume, and receipt. 
An even more troubling aspect of this campaign is that the SolarMarker group uses <a href=\"https:\/\/openaiagent.io\/blog\/10-powerful-ways-to-use-surfer-seo-tool-for-content-optimization-in-2025\/\" target=\"_blank\" rel=\"noreferrer noopener\">SEO techniques<\/a> to populate many of its malicious pages and get them ranked higher in the search results, which increases the likelihood of success.<\/p>\n\n\n\n<p>If you are looking for financial document templates, it is better to use only official, well-known websites.<\/p>\n\n\n\n<p><a href=\"https:\/\/thehackernews.com\/2021\/04\/new-whatsapp-bug-couldve-let-attackers.html\" target=\"_blank\" rel=\"noreferrer noopener\">Source<\/a><\/p>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<a name=\"paragraph-5\"><\/a>\n\n\n<h2 class=\"wp-block-heading\" id=\"do-you-have-thirst-for-knowledge-there-are-ten-more-cybersecurity-stories-below\"><strong>Do you have a thirst for knowledge? There are ten more cybersecurity stories below<\/strong><\/h2>\n\n\n<p>1. FBI nuked web shells from hacked Exchange Servers without telling owners (<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fbi-nuked-web-shells-from-hacked-exchange-servers-without-telling-owners\/\" target=\"_blank\" rel=\"noreferrer noopener\">Bleeping Computer<\/a>)<br>2. Microsoft Patches Four More Critical Exchange Server Bugs (<a href=\"https:\/\/www.infosecurity-magazine.com\/news\/microsoft-patch-four-critical\/\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Post<\/a>)<br>3. Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits (<a href=\"https:\/\/thehackernews.com\/2021\/04\/2-new-chrome-0-days-under-attack-update.html\" target=\"_blank\" rel=\"noreferrer noopener\">The Hacker News<\/a>)<br>4. 
Researcher release PoC exploit for 0-day in Chrome, Edge, Brave, Opera (<a href=\"https:\/\/www.hackread.com\/poc-exploit-for-0-day-chrome-edge-brave-opera\/\" target=\"_blank\" rel=\"noreferrer noopener\">Hack Read<\/a>)<br>5. Experts released PoC exploit code for a critical RCE in QNAP NAS devices (<a href=\"https:\/\/securityaffairs.co\/wordpress\/116750\/hacking\/qnap-rce-exploit.html\" target=\"_blank\" rel=\"noreferrer noopener\">Security Affairs<\/a>)<br>6. Adobe fixes critical vulnerabilities in Photoshop and Digital Editions (<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/adobe-fixes-critical-vulnerabilities-in-photoshop-and-digital-editions\/\" target=\"_blank\" rel=\"noreferrer noopener\">Bleeping Computer<\/a>)<br>7. YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs (<a href=\"https:\/\/thehackernews.com\/2021\/04\/yikes-cybercriminals-flood-intrenet.html\" target=\"_blank\" rel=\"noreferrer noopener\">The Hacker News<\/a>)<strong><br><\/strong>8. Google Chrome 90 introduces the security feature we\u2019ve been waiting for (<a href=\"https:\/\/bgr.com\/tech\/google-chrome-90-update-default-https-browsing-5919589\/\" target=\"_blank\" rel=\"noreferrer noopener\">BGR.com<\/a>)<br>9. \u2018Name:Wreck\u2019 is the latest collision between TCP\/IP and the standards process (<a href=\"https:\/\/bgr.com\/tech\/google-chrome-90-update-default-https-browsing-5919589\/\" target=\"_blank\" rel=\"noreferrer noopener\">scmagazine.com<\/a>)<br>10. Meet the Ransomware Gang Behind One of the Biggest Supply Chain Hacks Ever (<a href=\"https:\/\/www.vice.com\/en\/article\/wx5eyx\/meet-the-ransomware-gang-behind-one-of-the-biggest-supply-chain-hacks-ever\" target=\"_blank\" rel=\"noreferrer noopener\">Vice<\/a>)<\/p>\n\n\n","protected":false},"excerpt":{"rendered":"<p>Android users have new reasons to worry\u2026 again. 
About a week ago, we provided information about the FlixOnline application, whose operators were able to successfully bypass the application authentication system in the Google Play Store. This time we report two serious bugs found in WhatsApp. They enable the so-called \u2018man-in-the-disk\u2019 attack. What is it exactly? Attackers are able to manipulate the data exchanged between the application and external memory. Details can be found below.<\/p>\n","protected":false},"author":1,"featured_media":2447,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[470],"tags":[],"class_list":["post-3984","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersec-news","post--single"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Beware! Two new WhatsApp bugs expose you to a man-in-the-middle attack - Xopero Blog<\/title>\n<meta name=\"description\" content=\"This time we report two serious bugs found in WhatsApp. They enable the so-called \u2018man-in-the-disk\u2019 attack. What is it exactly? Attackers...\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xopero.com\/blog\/en\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\/\" \/>\n<meta property=\"og:locale\" content=\"pl_PL\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Beware! Two new WhatsApp bugs expose you to a man-in-the-middle attack - Xopero Blog\" \/>\n<meta property=\"og:description\" content=\"This time we report two serious bugs found in WhatsApp. They enable the so-called \u2018man-in-the-disk\u2019 attack. What is it exactly? 
Attackers...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xopero.com\/blog\/en\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"Xopero Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/XoperoSoftware\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-04-19T07:27:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-01T08:27:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1843\" \/>\n\t<meta property=\"og:image:height\" content=\"481\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"xopero_blogger\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xoperobackup\" \/>\n<meta name=\"twitter:site\" content=\"@xoperobackup\" \/>\n<meta name=\"twitter:label1\" content=\"Napisane przez\" \/>\n\t<meta name=\"twitter:data1\" content=\"xopero_blogger\" \/>\n\t<meta name=\"twitter:label2\" content=\"Szacowany czas czytania\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minut\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\\\/\"},\"author\":{\"name\":\"xopero_blogger\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#\\\/schema\\\/person\\\/cab3d3cda6e8a1aecfa8abea8827b17c\"},\"headline\":\"Beware! 
Two new WhatsApp bugs expose you to a man-in-the-middle attack\",\"datePublished\":\"2021-04-19T07:27:51+00:00\",\"dateModified\":\"2025-12-01T08:27:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\\\/\"},\"wordCount\":1189,\"publisher\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/security-center-en.png\",\"articleSection\":[\"Cybersec news\"],\"inLanguage\":\"pl-PL\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\\\/\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\\\/\",\"name\":\"Beware! Two new WhatsApp bugs expose you to a man-in-the-middle attack - Xopero Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/security-center-en.png\",\"datePublished\":\"2021-04-19T07:27:51+00:00\",\"dateModified\":\"2025-12-01T08:27:53+00:00\",\"description\":\"This time we report two serious bugs found in WhatsApp. They enable the so-called \u2018man-in-the-disk\u2019 attack. What is it exactly? 
Attackers...\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\\\/#breadcrumb\"},\"inLanguage\":\"pl-PL\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\\\/#primaryimage\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/security-center-en.png\",\"contentUrl\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/security-center-en.png\",\"width\":1843,\"height\":481},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/en\\\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Strona g\u0142\u00f3wna\",\"item\":\"https:\\\/\\\/xopero.com\\\/blog\\\/pl\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Beware! 
Two new WhatsApp bugs expose you to a man-in-the-middle attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/\",\"name\":\"Xopero Blog\",\"description\":\"Backup &amp; Recovery\",\"publisher\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/xopero.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pl-PL\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#organization\",\"name\":\"Xopero Software\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/03\\\/xopero-niebieskie.png\",\"contentUrl\":\"https:\\\/\\\/xopero.com\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/03\\\/xopero-niebieskie.png\",\"width\":500,\"height\":132,\"caption\":\"Xopero 
Software\"},\"image\":{\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/XoperoSoftware\\\/\",\"https:\\\/\\\/x.com\\\/xoperobackup\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/opero-sp-z-o-o-\\\/?viewAsMember=true\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCRPWyeo1apjSgkDW3hZpB9g?reload=9\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/xopero.com\\\/blog\\\/#\\\/schema\\\/person\\\/cab3d3cda6e8a1aecfa8abea8827b17c\",\"name\":\"xopero_blogger\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g\",\"caption\":\"xopero_blogger\"},\"sameAs\":[\"https:\\\/\\\/xopero.com\"],\"url\":\"https:\\\/\\\/xopero.com\\\/blog\\\/author\\\/xopero_blogger\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Beware! Two new WhatsApp bugs expose you to a man-in-the-middle attack - Xopero Blog","description":"This time we report two serious bugs found in WhatsApp. They enable the so-called \u2018man-in-the-disk\u2019 attack. What is it exactly? Attackers...","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xopero.com\/blog\/en\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\/","og_locale":"pl_PL","og_type":"article","og_title":"Beware! Two new WhatsApp bugs expose you to a man-in-the-middle attack - Xopero Blog","og_description":"This time we report two serious bugs found in WhatsApp. 
They enable the so-called \u2018man-in-the-disk\u2019 attack. What is it exactly? Attackers...","og_url":"https:\/\/xopero.com\/blog\/en\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\/","og_site_name":"Xopero Blog","article_publisher":"https:\/\/www.facebook.com\/XoperoSoftware\/","article_published_time":"2021-04-19T07:27:51+00:00","article_modified_time":"2025-12-01T08:27:53+00:00","og_image":[{"width":1843,"height":481,"url":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","type":"image\/png"}],"author":"xopero_blogger","twitter_card":"summary_large_image","twitter_creator":"@xoperobackup","twitter_site":"@xoperobackup","twitter_misc":{"Napisane przez":"xopero_blogger","Szacowany czas czytania":"6 minut"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xopero.com\/blog\/en\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\/#article","isPartOf":{"@id":"https:\/\/xopero.com\/blog\/en\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\/"},"author":{"name":"xopero_blogger","@id":"https:\/\/xopero.com\/blog\/#\/schema\/person\/cab3d3cda6e8a1aecfa8abea8827b17c"},"headline":"Beware! 
Two new WhatsApp bugs expose you to a man-in-the-middle attack","datePublished":"2021-04-19T07:27:51+00:00","dateModified":"2025-12-01T08:27:53+00:00","mainEntityOfPage":{"@id":"https:\/\/xopero.com\/blog\/en\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\/"},"wordCount":1189,"publisher":{"@id":"https:\/\/xopero.com\/blog\/#organization"},"image":{"@id":"https:\/\/xopero.com\/blog\/en\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","articleSection":["Cybersec news"],"inLanguage":"pl-PL"},{"@type":"WebPage","@id":"https:\/\/xopero.com\/blog\/en\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\/","url":"https:\/\/xopero.com\/blog\/en\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\/","name":"Beware! Two new WhatsApp bugs expose you to a man-in-the-middle attack - Xopero Blog","isPartOf":{"@id":"https:\/\/xopero.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/xopero.com\/blog\/en\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\/#primaryimage"},"image":{"@id":"https:\/\/xopero.com\/blog\/en\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","datePublished":"2021-04-19T07:27:51+00:00","dateModified":"2025-12-01T08:27:53+00:00","description":"This time we report two serious bugs found in WhatsApp. They enable the so-called \u2018man-in-the-disk\u2019 attack. What is it exactly? 
Attackers...","breadcrumb":{"@id":"https:\/\/xopero.com\/blog\/en\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\/#breadcrumb"},"inLanguage":"pl-PL","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xopero.com\/blog\/en\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\/"]}]},{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/xopero.com\/blog\/en\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\/#primaryimage","url":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","contentUrl":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2020\/04\/security-center-en.png","width":1843,"height":481},{"@type":"BreadcrumbList","@id":"https:\/\/xopero.com\/blog\/en\/beware-two-new-whatsapp-bugs-expose-you-to-a-man-in-the-middle-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Strona g\u0142\u00f3wna","item":"https:\/\/xopero.com\/blog\/pl\/"},{"@type":"ListItem","position":2,"name":"Beware! 
Two new WhatsApp bugs expose you to a man-in-the-middle attack"}]},{"@type":"WebSite","@id":"https:\/\/xopero.com\/blog\/#website","url":"https:\/\/xopero.com\/blog\/","name":"Xopero Blog","description":"Backup &amp; Recovery","publisher":{"@id":"https:\/\/xopero.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xopero.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pl-PL"},{"@type":"Organization","@id":"https:\/\/xopero.com\/blog\/#organization","name":"Xopero Software","url":"https:\/\/xopero.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/xopero.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2019\/03\/xopero-niebieskie.png","contentUrl":"https:\/\/xopero.com\/blog\/wp-content\/uploads\/2019\/03\/xopero-niebieskie.png","width":500,"height":132,"caption":"Xopero 
Software"},"image":{"@id":"https:\/\/xopero.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/XoperoSoftware\/","https:\/\/x.com\/xoperobackup","https:\/\/www.linkedin.com\/company\/opero-sp-z-o-o-\/?viewAsMember=true","https:\/\/www.youtube.com\/channel\/UCRPWyeo1apjSgkDW3hZpB9g?reload=9"]},{"@type":"Person","@id":"https:\/\/xopero.com\/blog\/#\/schema\/person\/cab3d3cda6e8a1aecfa8abea8827b17c","name":"xopero_blogger","image":{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/secure.gravatar.com\/avatar\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/49b4a2bbd1b6df951fc556f7478f5fb20bb41aeebf08473e459b28c5da9947f7?s=96&d=mm&r=g","caption":"xopero_blogger"},"sameAs":["https:\/\/xopero.com"],"url":"https:\/\/xopero.com\/blog\/author\/xopero_blogger\/"}]}},"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/posts\/3984","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/comments?post=3984"}],"version-history":[{"count":9,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/posts\/3984\/revisions"}],"predecessor-version":[{"id":7919,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/posts\/3984\/revisions\/7919"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/media\/2447"}],"wp:attachment":[{"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/media?parent=3984"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href"
:"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/categories?post=3984"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xopero.com\/blog\/wp-json\/wp\/v2\/tags?post=3984"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}