Security News > 2020 > February > This WhatsApp Bug Could Have Let Attackers Access Files On Your PCs

This WhatsApp Bug Could Have Let Attackers Access Files On Your PCs
2020-02-04 12:22

When combined together, the reported issues could have even enabled hackers to remotely steal files from the Windows or Mac computer of a victim using the WhatsApp desktop app by merely sending a specially crafted message.

In a blog post published today, Weizman revealed that WhatsApp Web was vulnerable to a potentially dangerous open-redirect flaw that led to persistent cross-site scripting attacks, which could have been triggered by sending a specially crafted message to the targeted WhatsApp users.

In the case when an unsuspecting victim views the malicious message over the browser, the flaw could have allowed attackers to execute arbitrary code in the context of WhatsApp's web domain.

As shown in the screenshot above, Weizman demonstrated the remote file read attack over WhatsApp by accessing the content of the hosts file from a victim's computer.

The open-redirect flaw could have had also been used to manipulate URL banners, a preview of the domain WhatsApp displays to the recipients when they receive a message containing links, and trick users into falling for phishing attacks.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/hVYLkzU91p8/hack-whatsapp-web.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Whatsapp 5 1 11 13 16 41