Researcher discovers WhatsApp bug that allowed hackers to access files on your PC | Tech News

Researcher discovers WhatsApp bug that allowed hackers to access files on your PC

The WhatsApp bug, now fixed, affected desktop users of the app. Read more details about the hack here.

By: HT CORRESPONDENT
| Updated on: Aug 20 2022, 19:22 IST
Critical security flaw in WhatsApp desktop platform allowed hackers read from the file system access
Critical security flaw in WhatsApp desktop platform allowed hackers read from the file system access (REUTERS)

Facebook has fixed another security flaw in WhatsApp that could have allowed attackers to gain access to your files on your computer.

Discovered by Gal Weizman, a security researcher at PerimeterX, the vulnerability affected WhatsApp's Windows app when paired with an iPhone and the Mac app. The exploit was discovered in the Content Security Policy (CSP) which enabled hackers to modify messages and links via XSS (cross-site scripting). The researcher said he could leverage the exploit to gain access to a user's files on their PC.

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
23% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

"A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message," said Facebook in a post.

Also read
Looking for a smartphone? To check mobile finder click here.

The company said the exploit was discovered in "WhatsApp Desktop prior to v0.3.9309 paired with WhatsApp for iPhone versions prior to 2.20.10."

Weizman in his blog said, "Fortunately for WhatsApp, Chromium based browsers added a defense mechanism against javascript: URIs just when I found this vulnerability. Unfortunately for WhatsApp, on other browsers such as Safari and Edge, this vulnerability was still wide open."

The report comes days after WhatsApp was caught in a big privacy scandal wherein attackers targeted individuals around the world. The hackers reportedly used Pegasus spyware, developed by Israel-based surveillance firm NSO Group. Even Amazon CEO Jeff Bezos suffered a targeted attack via WhatsApp.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 06 Feb, 15:56 IST
NEXT ARTICLE BEGINS