WhatsApp on PC, a flaw discovered on the version
For those who tend to use the WhatsApp messaging app on their computer, it was recommended that they update their software as soon as possible.
This article will also interest you: WhatsApp is not a safe messaging service according to the UN
As we speak, Facebook has already found a security fix to address the security breach. The fact remains, however, that this loophole has existed for a long time. Years they say. this is entirely plausible because WhatsApp used, on computers was based on an older version of Chromium, version that left hackers the ability to insert malicious codes a tad easily. Simply put, it is possible that anyone with the skill could have had access to the content of your computer, the messages you changed via WhatsApp, your personal files, modify them or even exfiltrate them. Hackers were allowed so many opportunities. As a reminder, the app is based on Electron, which has the main feature of facilitating the distribution of applications across multiple platforms. However, if the application is based on a web engine that is obsolete to it, security will be to be desired see existing.
It is noted that versions 0.3.9309 and all those that have preceded are affected by the security breach recently detected. However a simple update is able to protect you vulnerability.
The researcher behind the discovery of the security notified the fact that it took much longer to detect the security flaw to find a way to plug it. He will note by the further: "I think my research shows some very interesting ideas that should inspire you to explore new types of security vulnerabilities that probably exist. I encourage you to do so responsibly. and If you are a platform editor, please use this article to harden your application. It is 2020, no product should allow a complete reading of the file system from a single message. ».
Last November, another vulnerability was discovered on the WhatsApp messaging app. The title of the breach that would have been referenced at the time was CVE-2019-11931. In the dictionary of security vulnerabilities, it can be described as important. The latter was more full-bodied than the recent one. indeed with just the victim's phone number, the hacker could run a malicious program on the user's terminal remotely. To do this he had to use an mp4 file. "The bug was due to a buffer overrun, by hijacking the program a hacker could introduce instructions within the sent video. The instructions offer the ability for a person to install spyware or malware on the targeted device. We still don't know if the flaw was identified and exploited before Facebook intervened. The researcher explained.
Now access an unlimited number of passwords: