WhatsApp Security Bug You Didn’t Know Of
- February 10, 2020
- Hiba Sulaiman
With more than 1.5 billion monthly active users of the desktop platform, the scale of the impact could be high. It could affect iPhone users as well if they don’t update their desktop and mobile WhatsApp application and if they use old versions of Google Chrome.
National Security Database stated that if the WhatsApp Desktop versions older than 0.3.9309 is paired with WhatsApp for iPhone versions older than 2.20.10, the vulnerability allows cross-site scripting (XSS) and local file reading. The vulnerability can be exploited if the clicks a link preview from a specially crafted text message.
To be more specific, users are left vulnerable to attacks by flaws that allow both the links and text content in website previews to be tampered with to display false content and modified links that point to malicious websites or initiate downloads.
Harmful code or links can be injected into seemingly innocuous exchanges that could cause unsuspecting users to click on malicious links that appear to them like messages from a friend.