Terrifying bug in WhatsApp allows hackers to steal files. So get patching all nine of you using it on the desktop

2020-02-05 23:56

A vulnerability in WhatsApp could be exploited to remotely access a victim's files on their computer - if they use the desktop client paired with the iPhone app.

The security bug was fixed in January by Facebook in WhatsApp Desktop version 0.3.9309 and later.

Weizman added the heart of the flaw lies in the Chromium browser engine in the application framework Electron that WhatsApp relies on to provide a user interface for its desktop client.

While the cross-site scripting bug was patched a while back in Chromium, WhatsApp used an old version of Electron that included a vulnerable build of the browser engine.

In short, WhatsApp's desktop client was built on a version of Electron that used an out-of-date insecure Chromium build, which made it vulnerable to a flaw patched a while back.

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/05/whatsapp_xss_bug/

#desktop #hacker #whatsapp

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Whatsapp		5	1	23	14	1	39