Security researchers have discovered a major security flaw in the popular messenger's desktop app.

WhatsApp security hole discovered – the key points up front:

  1. Users running WhatsApp Web version 0.3.9309 or older coupled with the iPhone app before version 2.20.10 are affected
  2. The WhatsApp link preview can be manipulated through the vulnerability
  3. Updating is recommended

You can use the messenger service not only on your smartphone but also on your PC, through the messenger's desktop app “WhatsApp Web”. US security researcher and Java specialist Gal Weizman has now discovered a security vulnerability there.

Outdated version contains vulnerability

This affects users who are still using WhatsApp Web version 0.3.9309 or older coupled with the iPhone app before version 2.20.10.

Parent company Facebook has also published a warning through its security service, saying: “A vulnerability in WhatsApp Desktop in conjunction with WhatsApp for iPhone allows cross-site scripting and local file reading. To exploit the vulnerability, the victim must click on a link preview in a specially crafted text message.”

Attackers gain access to computers

Specifically, the danger came from how WhatsApp handles the link preview. The security hole gives attackers the opportunity to change both the text and the URL of a sent message. The manipulated JavaScript code can direct the user to malicious websites. What is particularly dangerous is that attackers can deliberately embed manipulated code in an otherwise harmless message.

If you click on such a modified link, hackers gain access to the computer on which the desktop version is running. In this way, the victims' data can be accessed and additional malware can also be placed on the PC.
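
As an added illustration (not code from WhatsApp, Electron or the researcher's write-up), a client can refuse to render a link preview whose target uses a non-web scheme or whose visible text names a different host than the URL it opens. The `{ text, url }` message shape and all function names are assumptions made for this example.

```javascript
// Added example: check a link preview before rendering it as a clickable element.
// The { text, url } shape is a hypothetical message format, not WhatsApp's own.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Normalise a host name for comparison (case and a leading "www.").
function normaliseHost(host) {
  return host.toLowerCase().replace(/^www\./, "");
}

// Return the first host-looking token in the visible preview text, or null.
function hostShownInText(text) {
  const m = /(?:https?:\/\/)?((?:[a-z0-9-]+\.)+[a-z]{2,})/i.exec(text);
  return m ? normaliseHost(m[1]) : null;
}

function checkPreview(preview) {
  let target;
  try {
    target = new URL(preview.url); // same WHATWG parser a browser uses
  } catch {
    return { ok: false, problems: ["unparseable-url"] };
  }
  // Only web schemes may become clickable; script or file targets are rejected.
  if (!ALLOWED_SCHEMES.has(target.protocol)) {
    return { ok: false, problems: ["scheme-not-allowed"] };
  }
  const problems = [];
  const shown = hostShownInText(preview.text);
  const actual = normaliseHost(target.hostname);
  // The text the user reads must name the host the click actually goes to.
  if (shown && actual !== shown && !actual.endsWith("." + shown)) {
    problems.push("text-host-mismatch");
  }
  return { ok: problems.length === 0, problems };
}

// Constructed sample messages, not captured traffic.
const samples = [
  { text: "https://example.com/news", url: "https://example.com/news" },
  { text: "https://example.com/news", url: "https://login.example.net/x" },
  { text: "https://example.com", url: "javascript:void(0)" },
];
for (const s of samples) {
  console.log(s.url, "=>", JSON.stringify(checkPreview(s)));
}
```

A check like this belongs on the receiving side, immediately before the preview is turned into markup, because the sender controls every field of the message.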

Open source framework Electron as a trigger

Gal Weizman explains that an outdated version of the open source framework Electron is the cause of this security vulnerability. The code base is also used by Google Chrome, but there is no security hole there. The company apparently did not update the application to the latest version of Electron in time, Weizman said.

Be sure to update WhatsApp Web

The security gap has now been eliminated. However, users who use WhatsApp Web coupled with the iPhone should check their versions and update to the latest versions.
To check which version of WhatsApp Web is installed, go to “Help” via “Settings” and see which version is currently being used.

Screenshot WhatsApp web version @Mimikama

It is generally advisable to always keep your apps up to date so that you can receive important security updates.


Source: Techbook.de
Article image: Shutterstock / By DANIEL CONSTANTE

