WhatsApp flaw discovered that allows an attacker to access files on the machine
A group of international security researchers recently discovered and reported a critical vulnerability in the WhatsApp application that could allow attackers to access the local file system of users on both macOS and Windows.
Specifically, this is a Cross-Site Scripting (XSS) vulnerability in the pairing between the WhatsApp desktop application (WhatsApp Desktop) and the WhatsApp app for iPhone. If successfully exploited, it allows attackers to access the device's local file system.
All versions of WhatsApp Desktop prior to v0.3.9309 were affected by this problem when paired with WhatsApp for iPhone versions from 2.20.10.
The vulnerability is tracked as CVE-2019-18426 and its severity is rated quite high (8.2). This is because it can be exploited remotely, although CVE-2019-18426 also requires user interaction to succeed.
The flaw was discovered by PerimeterX researcher Gal Weizman when he found an anomaly in WhatsApp's Content Security Policy (CSP) that allowed malicious scripts to be injected and executed on the client side, a typical form of XSS attack. The attack mechanism is described as follows.
The flaw appears in the Windows and Mac versions of the application, in the handling of banners, that is, the previews of web links in messages. JavaScript embedded in a malicious banner can bypass the victim's protections and access the local file system. According to the researchers, the heart of the flaw lies in the Chromium browser engine of the Electron application framework, which WhatsApp relies on to provide the user interface for its desktop clients. The attacker gets in through a message that appears completely normal, when the victim clicks the preview of the link attached to a message the attacker created.
There have been no reports of the flaw being exploited in the wild, and Facebook has released the corresponding patch. Users are nevertheless advised to update their applications to the latest version to minimize any potential risk.
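A defender's view of the link-preview handling described above, as an added example (not WhatsApp's code or the researcher's): it treats a preview's link and title as untrusted input, accepts only http/https links and escapes the title before display. The field names `url` and `title` and the sample previews are assumptions constructed for illustration.

```javascript
// Added example; not WhatsApp's code. Field names `url` and `title` are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Escape text so a preview title can never be parsed as markup.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Vet one untrusted preview object before it is rendered as a clickable banner.
function vetLinkPreview(preview) {
  if (!preview || typeof preview.url !== "string") {
    return { ok: false, reason: "missing url" };
  }
  let parsed;
  try {
    // The WHATWG URL parser normalises scheme case, so the check is made
    // on the parsed protocol rather than on the raw string.
    parsed = new URL(preview.url);
  } catch (err) {
    return { ok: false, reason: "unparseable url" };
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    return { ok: false, reason: "scheme not allowed: " + parsed.protocol };
  }
  return {
    ok: true,
    href: parsed.href,
    title: escapeHtml(preview.title || parsed.hostname),
  };
}

// Constructed sample previews, as they might arrive inside messages.
const SAMPLE_PREVIEWS = [
  { url: "https://example.com/news", title: "Example <b>News</b>" },
  { url: "JavaScript:void(0)", title: "example.com" },
  { url: "not a url", title: "broken" },
];

// Reasons for every preview that must not be rendered as a link.
function rejectedPreviews(previews) {
  return previews.map(vetLinkPreview).filter((r) => !r.ok).map((r) => r.reason);
}

console.log(rejectedPreviews(SAMPLE_PREVIEWS));
```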