The JavaScript code attached to a malicious banner could bypass protection mechanisms and access the local file system of the victim.The vulnerability appeared in the Windows and Mac versions of the app where it manages banners or previews of web links in messages.The desktop platform of WhatsApp has more than 1.5 billion monthly active users. Tracked as CVE-2019-18426, the cross-site scripting flaw could potentially allow an attacker to reach the local file system of user simply by sending a specially crafted message.Hackers could enter through notification messages that appear completely normal to unsuspecting users.Researcher Gal Weizman of PerimeterX found a JavaScript vulnerability in the WhatsApp desktop platform that could allow cybercriminals to infiltrate systems with loaded malware. Researchers have reported a vulnerability in WhatsApp desktop client for iPhones which puts victim’s files-on their computers-at risk. The flaw affected WhatsApp desktop versions prior to when paired with WhatsApp for iPhone versions prior to 2.20.10.
The desktop platform of WhatsApp has more than 1.5 billion monthly active users.
0 kommentar(er)
