Security News > 2024 > July > WhatsApp for Windows lets Python, PHP scripts execute with no warning
A security issue in the latest version of WhatsApp for Windows allows sending Python and PHP attachments that are executed without any warning when the recipient opens them.
WhatsApp blocks multiple file types considered to carry a risk to users but the company tells BleepingComputer that it does not plan to add Python scripts to the list.
EXE, WhatsApp shows it and gives the recipient two options: Open or Save As. However, when trying to open the file, WhatsApp for Windows generates an error, leaving users only the option to save the file to disk and launch it from there.
EXE,.COM,.SCR,.BAT, and Perl file types using the WhatsApp client for Windows.
EVTX. BleepingComputer's tests confirmed that WhatsApp does not block the execution of Python files and discovered that the same happens with PHP scripts.
BleepingComputer contacted WhatsApp to alert them that the PHP extension is also not blocked but has not received a response at this time.