Man-in-the-Disk Vulnerability in WhatsApp [CVE-2021-24027] 20 April 2021 **tl;dr** WhatsApp stored TLS session resumption files on the sdcard where a malicious application or some social engineering attacker could read.