Update WhatsApp Desktop Client to Block Remote Access Vulnerability

WhatsApp is generally considered a secure messaging application, but while your messages can be securely encrypted, service applications are just as vulnerable to security vulnerabilities as any other. And the last WhatsApp error is a serious one.

Security researcher Gal Weizman recently discovered a serious vulnerability in desktop versions of WhatsApp that could allow hackers to install malware, view your messages, and even remotely access files stored on your computer by simply sending snippets of code through what appears to be normal messages. And according to the researchers who discovered the bug, it looks like hackers have already exploited it.

For the attack to work, you must first read the malicious message, so you are probably safe unless you accept and open conversation requests from random users. Although WhatsApp fixed this issue with a patch in December, you should make sure you have the latest version of the desktop client installed (especially if you haven’t used WhatsApp for a while). The vulnerability affects WhatsApp Desktop version 0.3.9309 and earlier; you can download the updated version of WhatsApp Desktop for Windows and Mac here .

So what caused this massive mistake in the first place, and how did it go unnoticed? Ars Technica’s bug report states that the vulnerability stems from flaws in the Electron app platform that Facebook is using for the WhatsApp desktop client, making it easier to develop and deploy across multiple platforms at the same time.

You can get the full details in the Ars Technica article, but the Electron platform uses outdated Chromium browser code with clear security issues that allow hackers to send and execute malicious code via WhatsApp messages. The issues were fixed a while ago in Chromium, but they persisted in Electron – and therefore the WhatsApp desktop client – until the bug was finally discovered this week. So, update your client again and never open random messages in any messaging app.

More…

Leave a Reply