WhatsApp fixes bug that could have allowed hackers to read your desktop files

WhatsApp patched a security loophole in its desktop apps last month that could have potentially allowed hackers to access your computer’s local files. Discovered by a cybersecurity researcher at PerimeterX, the vulnerability affected the messaging service’s Windows and Mac clients when they were paired with an iPhone.

The flaw was found inside WhatsApp’s Content Security Policy, an extra security layer companies often employ to prevent a certain set of attacks, and made it possible for malicious actors to manipulate messages and links through a method called Cross-Site Scripting.

When a user tapped on one of these adulterated texts, they would unknowingly grant the attacker permission to read their computer’s local files, as well as to inject malicious code. While the vulnerability did require interaction from the user to function, it was possible to execute it remotely.

“A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message,” parent company Facebook wrote in a security advisory.
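As an added illustration (not code from WhatsApp, Facebook or PerimeterX), the sketch below shows the kind of check a desktop client can run on link-preview metadata before rendering it as a clickable banner. The field names `text`, `displayedUrl` and `href` are hypothetical, and the sample messages are constructed.

```javascript
// Added example: validate link-preview metadata before it becomes clickable.
// The preview shape {text, displayedUrl, href} is an assumption for
// illustration, not WhatsApp's actual message format.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

function checkPreview(preview) {
  const problems = [];
  let target;
  try {
    target = new URL(preview.href); // throws on relative or malformed input
  } catch {
    return { ok: false, problems: ["href is not an absolute URL"] };
  }
  // Only web schemes may be opened from a banner; script or file
  // schemes must never reach the renderer.
  if (!ALLOWED_SCHEMES.has(target.protocol)) {
    problems.push(`scheme ${target.protocol} not allowed`);
  }
  // Userinfo can make one host look like another to the reader.
  if (target.username || target.password) {
    problems.push("userinfo in URL");
  }
  // The URL shown to the user must point at the same host as the real target.
  let shown = null;
  try {
    shown = new URL(preview.displayedUrl);
  } catch {
    problems.push("displayed URL is not parseable");
  }
  if (shown && shown.hostname !== target.hostname) {
    problems.push("displayed host differs from target host");
  }
  // The banner must describe a link that is actually in the message text.
  if (!String(preview.text).includes(preview.displayedUrl)) {
    problems.push("displayed URL not present in message text");
  }
  return { ok: problems.length === 0, problems };
}

// Constructed sample previews (reserved example domains only).
const samples = [
  { text: "see https://example.com/a", displayedUrl: "https://example.com/a", href: "https://example.com/a" },
  { text: "see https://example.com/a", displayedUrl: "https://example.com/a", href: "https://example.net/a" },
  { text: "see https://example.com/a", displayedUrl: "https://example.com/a", href: "javascript:void(0)" },
];
for (const s of samples) console.log(s.href, checkPreview(s));
```

A client that fails any of these checks can fall back to showing the message as plain text with no banner.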

The bug affects WhatsApp Desktop builds prior to v0.3.9309 and WhatsApp for iPhone versions prior to 2.20.10. It was fixed on 21st January 2020. Therefore, to ensure you’re safe, go ahead and update the WhatsApp app on your computer and iPhone.

“Older versions of Google Chrome’s Chromium framework, as used by the vulnerable versions of the WhatsApp desktop application, are susceptible to these code injections, although newer versions of Google Chrome have protections against such JavaScript modifications. Other browsers such as Safari are still wide open to these vulnerabilities,” explained PerimeterX’s founder and CTO, Ido Safruti.

The vulnerability doesn’t impact Android because, unlike iOS, it has additional protections in place against JavaScript banners. “iOS omitted this check, which enabled banners with malicious content to load on iOS devices,” added a PerimeterX spokesperson.

In the last year, WhatsApp has had a hard time keeping security vulnerabilities out. In November, the Facebook-owned messaging giant patched a flaw that could have let hackers take control of a phone with just an MP4 file. A few weeks back, it was found that the same bug had also compromised the phone and sensitive data of Amazon’s Jeff Bezos. Telegram’s CEO later, in a scathing blog post, accused WhatsApp of deliberately planting backdoors for law enforcement agencies and masking them as bugs when caught.

Shubham Agarwal
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…