ISLAMABAD – WhatsApp encounters a dangerous security bug, Users across theWorld warned against it.
WhatsApp has encountered a big security bug. WhatsApp for Desktop on bothWindows and Mac allowed hackers to remotely access files on the computer.
While Facebook has already fixed the vulnerability, it could have leaked alot of important and crucial information of people who use WhatsApp desktopapplication.
The security bug majorly attacked users running the desktop client ofWhatsApp on Windows or Mac. However, some WhatsApp Web (works on WebBrowser) users were also left affected.
The WhatsApp desktop application’s vulnerability was first reportedby PerimeterX researcher Gal Weizman.
The report suggests that the bug majorly affected WhatsApp’s Mac or Windowsapp users who paired the app with an iPhone.
Read Top Stories
Upon digging up, the researcher reported that the security breach waswithin the Content Security Policy (CSP) of WhatsApp. This basicallyallowed Cross-Site Scripting (XSS) attacks on the desktop app.
In a blog post, Weizman said, “For some reason, the CSP rules were not anissue with the Electron-based app, so fetching an external payload using asimple JavaScript resource worked.”
He further added, “CSP rules are super important and could have preventeda big part of this mess.If the CSP rules were well configured, the powergained by this XSS would have been much smaller.”
