WhatsApp messenger has a potential security vulnerability with the Windows version of the app. The problem would be Allow attachments to be sent without objection up to certain dimensionsand can be easily used to send malicious files to potential victims.
Users can send files to each other in formats applications or scripts Python and PHPThe recipient can click on the attachment to open the contents directly or save them to their machine, and either action could be enough to open the door to infection.
The person who discovered the risk was a cybersecurity expert Saumyajeet Das. Web site Computer beeping tested the breach and managed to send files that could be used to install malware.
WhatsApp client for Windows Allows seamless sending of files in PYZ, PYZW and EVTXIn case of other potentially malicious extensions like .EXE, the messaging app tends to block them from being sent or executed.
Malicious users, such as cybercriminals, can send large amounts of files containing malware to public chats, such as groups, or private chats, such as conversations with other people. According to the researcher, the company simply added the extensions to the existing ban list to eliminate any possibility of risk.
What does the meta say?
According to Saumyajeet, he informed Meta about the dangers of this permission in early June of this year. But two weeks later, the company confirmed that the issue had been “previously reported by another researcher” and did not follow up again.
In a note sent Computer beepingcompany He confirmed that he was aware of the situation but did not see it as a problem and did not plan to fix it..
“Malware can come in different forms, including downloadable files that are designed to trick users. So We caution users to never click on a file from a person they do not know, regardless of how they received it. — whether via WhatsApp or any other app,” the note says.
To date, sending attachments in these extensions is still available in version 2.2428.10.0 of the WhatsApp client for Windows. The loophole in rival Telegram, which had the same vulnerability reported months ago, has been patched by the developer.
Source: Tec Mundo
I am a passionate and hardworking journalist with an eye for detail. I specialize in the field of news reporting, and have been writing for Gadget Onus, a renowned online news site, since 2019. As the author of their Hot News section, I’m proud to be at the forefront of today’s headlines and current affairs.