WhatsApp, serious security flaw on the desktop version: how to protect yourself

Facebook has issued a warning about a security flaw in WhatsApp Desktop that can allow an attacker to use cross-site scripting to access files on Mac or Windows desktop and notebook systems by means of a specially constructed message. In this way the attacker could read the contents of files on the computer of the user at the other end of the communication channel, to whom the message is sent, and potentially perform other illegal actions.

The flaw was discovered by PerimeterX security researcher Gal Weizman and is the result of a vulnerability in the way the WhatsApp desktop client was implemented using the Electron framework, which has itself already shown some security problems in the past. Electron is a tool that developers can use to easily build cross-platform applications based on web and browser technologies, but an application built with it is obviously only as safe as the components the developers put into it.

Weizman first identified WhatsApp cross-site scripting vulnerabilities in 2017, when he discovered that it was possible to tamper with message metadata, fabricate fake preview banners for links to web pages, and create URLs capable of hiding hostile intent within WhatsApp messages. The researcher continued his investigation into the WhatsApp client and discovered that he could inject JavaScript code into messages. That code would later be executed within WhatsApp Desktop, thus gaining access to the local filesystem using the JavaScript Fetch API.

All of this was possible because the vulnerable versions of WhatsApp Desktop were built on an old version of Google's Chrome browser engine that has known vulnerabilities. Newer versions of Chromium detect and neutralize malicious code.

The vulnerability affects WhatsApp Desktop version 0.3.9309 and earlier, combined with the iPhone app version 2.20.10 and earlier. Facebook has released new versions of WhatsApp Desktop that use the upgraded browser component.

