Researcher discovers WhatsApp bug that allowed hackers to access files on your PC
The WhatsApp bug, now fixed, affected desktop users of the app. Read more details about the hack here.
Facebook has fixed another security flaw in WhatsApp that could have allowed attackers to gain access to your files on your computer.
Discovered by Gal Weizman, a security researcher at PerimeterX, the vulnerability affected WhatsApp's Windows app when paired with an iPhone and the Mac app. The exploit was discovered in the Content Security Policy (CSP) which enabled hackers to modify messages and links via XSS (cross-site scripting). The researcher said he could leverage the exploit to gain access to a user's files on their PC.
"A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message," said Facebook in a post.
The company said the exploit was discovered in "WhatsApp Desktop prior to v0.3.9309 paired with WhatsApp for iPhone versions prior to 2.20.10."
The report comes days after WhatsApp was caught in a big privacy scandal wherein attackers targeted individuals around the world. The hackers reportedly used Pegasus spyware, developed by Israel-based surveillance firm NSO Group. Even Amazon CEO Jeff Bezos suffered a targeted attack via WhatsApp.
Follow HT Tech for the latest tech news and reviews , also keep up with us on Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.