Facebook has warned WhatsApp users that a flaw in the application’s desktop tool allows attackers to read files on macOS and Windows PCs. Attackers can easily launch cross-site scripting attacks by sending cleverly written text messages. These socially crafted messages help attackers to extract files on the computer where WhatsApp Desktop is being used. The security flaw opens up vulnerabilities to a number of Security threats.
What causes the WhatsApp Desktop security issues?
Researcher Gal Weizman of PerimeterX discovered the flaw, which he claims is a result of the implementation of the Electron software framework. It is important to note that the Electron software framework has created a number of security issues in the recent past. The framework lets developers to write cross-platform apps using a browser and web technologies. Unfortunately, it is not al secure and it depends on developers alone how they deploy their apps. As in this case, they can deploy malware as well.
How and when did the security issues come to surface?
Weizman discovered the vulnerability in 2017 when he realized that he can easily mess with the metadata of the messages. He also understood that he can write bogus preview banners that can conceal the URL in them. Eventually, he also discovered that he can insert JavaScript code into messages. This allowed him to access files on every computer he gained access to. Finally, he was able to extract the local fuel system with the help of JavaScript Fetch API.
If you are worried that you might be using an old version of the WhatsApp, here is what you need to do:
- Update your WhatsApp Desktop to the latest version
- Update your WhatsApp applications on iOS and Android devices
- Connect afresh so that you sync everything easily
Act now to eliminate threats on WhatsApp Desktop
Only the older versions (before 0.3.9309) of WhatsApp Desktop are vulnerable to this issue. In addition, affected include those who have connected WhatsApp for iPhone with the desktop application, and use 2.20.10. Facebook has already worked on the issue and launched newer versions of the app that addresses this critical vulnerability. Make sure to update all your WhatsApp applications at the same time in order to eliminate any traces of vulnerability.
