WhatsApp flaw could have let hackers access your PC
Even after amassing more than 1 billion users, WhatsApp doesn't appear to be doing enough on the security side of things. The messaging service has already been marred by plenty of bugs. And if the latest report is anything to go by, another issue was detected recently in the app - a series of flaws that could have let hackers access your computer.
Security flaws in desktop app of WhatsApp
As reported by security firm PerimeterX, the desktop app of WhatsApp, made for Windows and macOS, had certain vulnerabilities that could have been exploited through an iPhone to access computers and read files/documents stored on them. This would have ultimately given hackers the fodder they typically need to blackmail people, extort money out of them, or carry out sophisticated phishing attacks.
How the bugs could have risked your data
The issues in question tied to WhatsApp desktop's Content Security Policy, which opened a way to send manipulated messages and links using Cross-Site Scripting (XSS). This particular trick, they emphasized, could be used by a threat actor to craft and send a malicious code designed to access the local file system of a target's computer. From there, its data could be read, even stolen.
PerimeterX demonstrated how difficult it would be to detect
Gal Weizman, a security researcher at PerimeterX, demonstrated the impact of the bug and showcased how a specially-crafted malicious message could be sent as an innocuous link, like one to sign up on Facebook. This is a major threat, as you wouldn't even notice that the link is malicious until you have clicked and the malware has started acting.
How to dodge this issue?
The issue is concerning, but it is worth noting that these bugs were patched last month itself. This means you don't have to worry as long as you are using the latest version of WhatsApp's desktop and iOS apps. If you are still on an older iteration of the app (older than v0.3.9309 in particular), we'd recommend updating it right away.