contador gratuito Skip to content

WhatsApp: a flaw in the PC and Mac application puts your files at the mercy of hackers!

Phonandroid : actu Android et High-tech

The WhatsApp PC and Mac application is the victim of a fairly serious new security breach. Hackers can hijack the application to execute JavaScript code that gives them remote access to files on the machine. Facebook recommends updating the key versions.

WhatsApp Crédits: WhatsApp.com

WhatsApp is affected by a serious security breach. Discovered by PerimeterX researcher Gal Weizman, the vulnerability allows, on certain versions of the desktop application for Windows 10 and macOS. The researcher tells in a very detailed post how the banners which generate themselves automatically in the conversations when a link is inserted.

surprisingly these banners are not generated on the server but on the client of the user sending the message. Therefore, explains Gal Weizman, it is possible to manipulate the behavior of these banners. And that's what he did. Until discovering several flaws. First, it is possible to hide a malicious link in an address apparently coming from a reliable site.

Then, he realized that it was possible to modify these banners to execute Javascript code on the recipient's device. At first nothing serious, since he could only display an empty error message. Then with a little work, he realized that it was possible to bypass the protections of WhatsApp to execute code much more dangerous.

Until reaching a remote server, without ever touching the victim's machine. At that time, the researcher could read the system files on the target machine … Fortunately, Gal Weizman is a White hat – he therefore warned Facebook before his discovery.

How to update WhatsApp

Mark Zuckerberg’s firm quickly released an update which it is highly recommended to install. As always, you can install this WhatsApp update directly from the official website:

Download the latest version of WhatsApp for PC / Mac

Source: PerimeterX