WhatsApp’s Desktop App Vulnerability Gave Remote Access To Hackers

A major security flaw in WhatsApp’s desktop app for Windows10 and macOS could give hackers remote access to files stored on your computer by inserting JavaScript into messages.

According to Facebook’s most recent security advisory, the flaw affects WhatsApp’s desktop version 0.3.9309 and earlier. The vulnerability also affects users who paired the desktop app with WhatsApp’s iPhone version before 2.20.10.

Updating the WhatsApp desktop app on your PC will likely guard you against any exploitation.

WhatsApp vulnerability

Gal Weizman at PerimeterX originally discovered the security flaw in the platform. Back in 2017, he first found multiple issues with the app, including tampering with the metadata of messages, sending malicious URL’s via the platform, and more.

But not long ago, he discovered that he could gain access to local storage merely by injecting JavaScript code into messages.

Apparently, the desktop app of WhatsApp was running an older release of Google’s Chromium web engine, i.e., Chrome 69. Any new version would have easily caught any injection of malicious code.

The root cause of the vulnerability began with Facebook implementing the WhatsApp desktop version using the Electron software framework, which already has a history of multiple security issues, according to Ars Technica. For those who don’t know, Electron helps in building cross-platform apps based on web technology.

While WhatsApp offers end-to-end encryption for enhanced security, the platform is only safe when it is updated regularly with the latest security fixes.