comscore WhatsApp bug that allowed access to your desktop files fixed | BGR India
News

WhatsApp fixes bug on desktop that allowed access to your personal files

The WhatsApp bug made it possible for remote attackers to gain access to files on your desktop if you used the desktop app and paired it with an iPhone.

  • Updated: February 5, 2020 5:10 PM IST
WhatsApp

About a month ago, WhatsApp fixed a bug on its desktop application that allowed attackers to read files from the targeted user’s computer. Now, new information suggests that the bug may have affected who used WhatsApp’s desktop application for Mac or Windows. Further, the bug has likely affected people who paired the desktop application with an iPhone. Also Read - Coronavirus: Don't believe this WhatsApp hoax about masks

The post was published by security firm PerimeterX. Gal Weizman, the company’s security researcher, found vulnerabilities in the app’s Content Security Policy (CSP). The vulnerability could be exploited to send manipulated messaged and links using Cross-Site Scripting (XSS). Also Read - WhatsApp Pay will be available in several countries in the coming months

Watch: Top Asus laptops launching in 2020

Though the loophole existed on both, it had a wider scope for attackers on the WhatsApp desktop application. The researcher saw that it was possible to read the file system and identify the remote code execution (RCE) potential on the desktop application. Moreover, all the method needed to trick users was a specially crafted message that users would click on. Also Read - WhatsApp should add a “doubt” button to combat fake news: Report

Weizman also took advantage of the flaws to do a test. He himself send malicious code and was able to read files from a computer’s local file system. Hence, he proved that the method can be used to extract sensitive documents from a machine running WhatsApp‘s desktop application. Weizmann was also able to find code and change it where messages on the desktop app are found. He even went ahead and forged a banner. The banner contained a link preview but also included a potentially malicious link.

The researcher suggested that WhatsApp should not be using the older version of Google’s Chromium platform to avoid such flaws. Moreover, it is a good idea to update both the desktop and your phone to avoid leaving the possibility of an attack. Moreover, you must definitely take care of this if you use an iPhone with the Desktop app.

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel.
  • Published Date: February 5, 2020 5:08 PM IST
  • Updated Date: February 5, 2020 5:10 PM IST



new arrivals in india

Best Sellers