Monday , January 25 2021

Flaws in WhatsApp's desktop app allowed remote access to files, Ars Technica

      WhatsAaaaaaap –

             

Yet another Electron implementation of a “secure” app turns out not to be.

      

      

           

The flaw, discovered by researcher Gal Weizman at PerimeterX , is a result of a weakness in how WhatsApp’s desktop was implemented using the Electron software framework, which has had significant security issues of its own in the past . Electron allows developers to create cross-platform applications based on Web and browser technologies but is only as secure as the components developers deploy with their Electron apps.

Weizman first found cross-site scripting vulnerabilities in WhatsApp in , when he found he could tamper with the metadata of messages, craft bogus preview banners for Web links, and create URLs that could conceal hostile intent within WhatsApp messages. But as he continued his explorations into the WhatsApp client, he found that he could inject JavaScript code into messages that would run within WhatsApp Desktop — and then gain access to the local file system using the JavaScript Fetch API .

Gal Weizman, PerimeterX

All of this was possible because the vulnerable versions of WhatsApp Desktop had been developed using an outdated, known vulnerable version of Google’s Chrome browser engine — Chrome . More recent versions of the Chromium engine would catch the malicious code.

According to Facebook, the vulnerability affects WhatsApp Desktop versions 0.3. and earlier, for users who have paired the desktop app with WhatsApp for iPhone versions prior to 2 . . Facebook has shipped new versions of WhatsApp Desktop that use updated browser components.

                                                    

About admin

Check Also

WhatsApp's upcoming features: Dark mode, self-destructing messages and more – Hindustan Times, Hindustantimes.com

WhatsApp's upcoming features: Dark mode, self-destructing messages and more – Hindustan Times, Hindustantimes.com

WhatsApp’s upcoming features include dark mode, self-destructing messages and multiple devices support. tech Updated: Dec 07, 2019 16:41 IST WhatsApp upcoming features.(Pixabay) WhatsApp’s recent beta updates showed new and upcoming features on the messaging app. WhatsApp has also updated its Android and iOS apps with new features like fingerprint lock and group privacy settings. WhatsApp…

Leave a Reply

Your email address will not be published. Required fields are marked *