BackWhatsApp flaw let attackers remotely access files, reveals report
Older version of the WhatsApp's desktop version have left the app vulnerable to attackersHere's how to steer clear of WhatsApp bug
PremiumA critical security flaw was recently found in the desktop version of WhatsApp, which has reportedly led attackers to insert JavaScript into messages and remotely access files from a Windows or a Mac computer.
The flaw, which was first reported by PerimeterX researcher Gal Weizman, revealed a mix of multiple high-security vulnerabilities that exist within WhatsApp web.
According to the report, the WhatsApp web vulnerability has been tracked as CVE-2019-18426, which allowed for cross-site scripting (XSS).
The issue, which has reportedly been fixed by Facebook as of now, could be vulnerable to an open-redirect flaw that may lead to persistent cross-platform scripting attacks triggered by sending certain crafted messages to WhatsApp users.
The report further stated that the vulnerabilities affect WhatsApp's desktop software from version 0.3.9309 and earlier, as well as people who connected the app with WhatsApp's iOS editions before 2.20.10.
US National Vulnerability Data (NVD) also issued a report describing the WhatsApp vulnerability:
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.
This is not the first WhatsApp bug reported in near past. Just a few months back, researchers at global cybersecurity firm Check Point had reported that WhatsApp carried a serious vulnerability in its phone app that led to group chat crash the moment a destructive message was introduced by the hackers in the chat, leading the entire group chat history being deleted forever. The solution: installing the latest version, or more precisely, deleting the app and reinstalling it on phone.
The only way to steer clear of the recent vulnerability would be to update your desktop version and to consequently update the app on your Andorid and iOS phones to the latest version. Such vulnerabilities creep in to your app if you are not persistently updating it.
Unlock a world of Benefits! From insightful newsletters to real-time stock tracking, breaking news and a personalized newsfeed – it's all here, just a click away! Login Now!
