
Last Updated : Feb 06, 2020 10:41 AM IST | Source: Moneycontrol.com

WhatsApp bug allowed hackers to remotely access files from desktop

The security flaw was detected in WhatsApp’s desktop client from version 0.3.9309 and WhatsApp for iOS version 2.20.10 by security researcher Gal Weizman.

Moneycontrol News @moneycontrolcom

WhatsApp’s desktop client reportedly featured a bug that allowed hackers to access files by inserting a JavaScript message. The Facebook-owned messaging app has now patched the vulnerability on Windows and macOS.

The security flaw was detected in WhatsApp’s desktop client from version 0.3.9309 and WhatsApp for iOS version 2.20.10 by security researcher Gal Weizman. He stated that the bug existed in WhatsApp’s Content Security Policy that had allowed attackers to carry out XSS attacks.

For the uninitiated, an XSS (cross-site scripting) attack means that an attacker can send a misleading file with a malicious JavaScript link. When the victim clicks on the link, an HTTP request is generated from their browser, which is sent to the vulnerable web application.

Weizman demonstrated the flaw in his blog post, where he also stated that the scope of the flaw was wider on WhatsApp’s desktop application than on the web client. He also uploaded screenshots that showed the data retrieved from the victim’s computer by remotely using the WhatsApp desktop application.

WhatsApp patched the bug, which was classified as ‘high’, last year after Weizman's intimation. “A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message,” read the description of the flaw provided by the US National Vulnerability Database.


First Published on Feb 6, 2020 10:41 am
