If you use the WhatsApp desktop version for your chats and calls, you should consider making an update to it. This is because of a flaw existent, that could allow an attacker read the files on your MacOS or Windows PC by using a specially crafted text message.
According to Facebook, which issued a warning to users, the flaw affects the app’s Desktop versions 0.3.9309 and earlier, for whoever has paired the desktop app with WhatsApp for iPhone versions prior to 2.20.10.
Apparently, the affected versions of WhatsApp Desktop had been developed using Chrome 69, an outdated and yet vulnerable version of Google’s browser engine. The code would go on to spread to even more recent versions of the Chromium engine.
Read About: Why Internet Explorer is dangerous to use
Details of the WhatsApp desktop flaw
The flaw was discovered by researcher Gal Weizman at PerimeterX, who confirmed that it is a result of a weakness in how WhatsApp’s desktop was implemented using the Electron software framework. Electron allows developers to create cross-platform applications based on Web and browser technologies but is said to have had significant security issues in the past.
Weizman’s findings with the WhatsApp client indicated to him that an attacker can inject JavaScript code into messages that run within WhatsApp Desktop—and then gain access to the local file system using the JavaScript Fetch API.
Facebook says they have shipped new versions of the client that use updated browser components.
Read About: WhatsApp and ads in Africa
