Security News
A vulnerability in WhatsApp could be exploited to remotely access a victim's files on their computer - if they use the desktop client paired with the iPhone app. The security bug was fixed in January by Facebook in WhatsApp Desktop version 0.3.9309 and later.
Security researchers have identified a JavaScript vulnerability in the WhatsApp desktop platform that could allow cybercriminals to spread malware, phishing or ransomware campaigns through notification messages that appear completely normal to unsuspecting users. "Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message."
The vulnerability was discovered by PerimeterX security researcher Gal Weizman, who said he found multiple issues in WhatsApp Desktop, starting with an open redirect into persistent XSS and Content Security Policy bypass, and then a "Cross platforms read from the local file system." One of the main issues Weizman identified was that an attacker could modify WhatsApp reply messages to include quotes of messages the recipient never sent.
When combined together, the reported issues could have even enabled hackers to remotely steal files from the Windows or Mac computer of a victim using the WhatsApp desktop app by merely sending a specially crafted message. In a blog post published today, Weizman revealed that WhatsApp Web was vulnerable to a potentially dangerous open-redirect flaw that led to persistent cross-site scripting attacks, which could have been triggered by sending a specially crafted message to the targeted WhatsApp users.
When combined together, the reported issues could have even enabled hackers to remotely steal files from the Windows or Mac computer of a victim using the WhatsApp desktop app by merely sending a specially crafted message. In a blog post published today, Weizman revealed that WhatsApp Web was vulnerable to a potentially dangerous open-redirect flaw that led to persistent cross-site scripting attacks, which could have been triggered by sending a specially crafted message to the targeted WhatsApp users.
Beyond these high-profile instances, various journalists and human rights activists have been targeted globally after a WhatsApp zero-day vulnerability was exploited by attackers who were able to inject spyware onto victims' phones. Vanunu, head of products vulnerability research at Check Point research, has seen his share of WhatsApp vulnerabilities - the researcher at Black Hat 2019 demoed several flaws in the messaging platform could be used to manipulate chats, for instance.
The iPhone of Amazon founder Jeff Bezos, the world's richest man, was reportedly hacked in May 2018 after receiving a WhatsApp message from the personal account of Saudi crown prince Mohammed bin Salman, the Guardian newspaper revealed today. The mysterious file was sent when crown prince Salman and Bezos were having a friendly WhatsApp conversation, and it's 'highly probable' that it exploited an undisclosed zero-day vulnerability of WhatsApp messenger to install malware on Bezos's iPhone.
Candid pictures used to threaten Amazon boss Jeff Bezos were exposed not by his current paramour's brother, as some believe, but through a sophisticated hacking operation personally directed by the crown prince of Saudi Arabia, Mohammad bin Salman, The Guardian suggests. The paper today claims to have been told by anonymous sources that Bezos' phone was hacked using a WhatsApp message from the personal account of bin Salman himself.
Take a break from calling for the end of e2e, so they can switch encrypted chat apps It's not just the European Union the UK's ruling party wishes to leave. According to the Guardian, the recently...
WhatsApp's end-to-end encryption is only secure if you don't have the encryption keys. But researchers at Check Point Research developed a method of discovering the encryption keys, a produced a...