WhatsApp Bug Allows Malicious Code-Injection, One-Click RCE
2020-02-05 16:50

Security researchers have identified a JavaScript vulnerability in the WhatsApp desktop platform that could allow cybercriminals to spread malware, phishing or ransomware campaigns through notification messages that appear completely normal to unsuspecting users.

"Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message."

Bad actors can inject harmful code or links into "seemingly innocuous exchanges," according to Safruti, causing unsuspecting users to click on malicious links that appear to them like messages from a friend.

"Such attacks would be possible by simply modifying the JavaScript code of a single message prior to delivery to its recipient."

Through the WhatsApp desktop platform, Weizman was able to find the code where messages are formed, tamper with it and then let the app continue in its natural message-sending flow.


News URL

https://threatpost.com/whatsapp-bug-malicious-code-injection-rce/152578/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Whatsapp 5 1 23 13 2 39