contador web Saltar al contenido

Security flaw in WhatsApp Desktop allows access to files on Windows and macOS

If you usually access your WhatsApp from your computer, using the WhatsApp Desktop program, the suggestion is that you look for an update quickly.

The Windows and macOS version has a flaw that allows an intentional person to access your computer's files just by sending a malicious link.



The flaw was discovered some time ago, but Facebook (the messenger?s owner) took time to fix the breach. Previous Desktop versions 0.3.9309 are vulnerable, as is version 2.20.10 on iOS.

The fault allows an invasion technique (known as cross-site scripting) that injects JavaScript code into the program, which is actually an encapsulated web page (the old WhatsApp gambiarras).

A vulnerability in WhatsApp Desktop when combined with WhatsApp for iPhone allows cross-site scripting and reading local files. Exploiting the vulnerability requires the victim to click on a link view of a specially crafted text message.

Therefore, if you use the computer program or even an old web browser, try to update everything quickly, so as not to take risks.