Researchers have reported a vulnerability in the WhatsApp desktop client, when paired with WhatsApp for iPhone, that puts victims' files on their computers at risk.

What happened?

Researcher Gal Weizman of PerimeterX found a JavaScript vulnerability in the WhatsApp desktop platform that could allow cybercriminals to infiltrate systems with loaded malware.

  • Hackers could enter through notification messages that appear completely normal to unsuspecting users.
  • Tracked as CVE-2019-18426, the cross-site scripting flaw could potentially allow an attacker to reach the user's local file system simply by sending a specially crafted message.
  • The flaw affected WhatsApp desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10.
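
A defender's check for the affected pairing described above, as an added example that is not from the original article or from WhatsApp: a host is flagged as affected only when both the desktop client and the paired iPhone app are below the fixed versions. The inventory rows, host names and status labels are constructed assumptions.

```python
import re

# Fixed versions as stated in the article for CVE-2019-18426.
FIXED_DESKTOP = (0, 3, 9309)
FIXED_IPHONE = (2, 20, 10)

def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def is_older(version, fixed):
    """Compare after zero-padding to equal length, so 2.20 equals 2.20.0."""
    width = max(len(version), len(fixed))
    padded_version = version + (0,) * (width - len(version))
    padded_fixed = fixed + (0,) * (width - len(fixed))
    return padded_version < padded_fixed

def classify(desktop, iphone):
    """Classify one desktop/iPhone pairing (status labels are hypothetical)."""
    d, i = parse_version(desktop), parse_version(iphone)
    if d is None or i is None:
        return "unknown"             # never treat unparsable data as safe
    old_desktop = is_older(d, FIXED_DESKTOP)
    old_iphone = is_older(i, FIXED_IPHONE)
    if old_desktop and old_iphone:
        return "affected"            # the pairing named in the article
    if old_desktop or old_iphone:
        return "update-recommended"  # one side is still below the fix
    return "patched"

# Constructed inventory: host, desktop version, paired iPhone app version.
INVENTORY = """\
ws-014,0.3.9308,2.20.9
ws-022,0.3.9309,2.20.9
ws-031,0.4.315,2.20.10
ws-047,0.3.4479,unknown
"""

def audit(csv_text):
    """Map each host in the constructed CSV to its classification."""
    results = {}
    for line in csv_text.splitlines():
        host, desktop, iphone = (field.strip() for field in line.split(","))
        results[host] = classify(desktop, iphone)
    return results

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```
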

How does it work?

The desktop platform of WhatsApp has more than 1.5 billion monthly active users.

  • The vulnerability appeared in the Windows and Mac versions of the app, in the way it handles banners or previews of web links in messages.
  • The JavaScript code attached to a malicious banner could bypass protection mechanisms and access the local file system of the victim.
  • According to the researcher, the heart of the flaw lies in the Chromium browser engine in the application framework Electron.
  • WhatsApp relies on it to provide a user interface for its desktop client.
  • Though the cross-site scripting (XSS) bug had been patched in Chromium some time earlier, WhatsApp used an older version of Electron, and with it an older Chromium.

Explaining further, Weizman said, “Electron is a cool platform that lets you create ‘native’ applications using standard web features. This makes things super easy for a lot of big companies since it allows them to have one source code for both their web applications and native desktop applications. Electron constantly updates along with the platform it is based on, Chromium.”

 


News Source: https://cyware.com/news/using-whatsapp-on-your-computer-could-put-your-files-at-risk-fa24b4d6