UPDATE: A WhatsApp spokesperson has reached out to TechRadar Pro with the following statement saying that the issue has now been fixed:
“We regularly work with leading security researchers to stay ahead of potential threats to our users. In this case, we fixed an issue that in theory could have impacted iPhone users that clicked on a malicious link while using WhatsApp on their desktop. The bug was promptly fixed and has been applied since mid December.”
A cybersecurity researcher has discovered multiple security vulnerabilities in WhatsApp, revealing that one of the most widely used messaging apps is not as safe as once thought.
The vulnerabilities found in the WhatsApp desktop app can be used to aid phishing campaigns, spread malware and potentially even ransomware to put millions of users at risk as the messaging service currently has over 1.5bn monthly active users.
- WhatsApp dark mode: everything you need to know
- WhatsApp chats can be hacked with a malicious GIF
- WhatsApp hits malware maker with mega lawsuit
By finding a gap in the Content Security Policy (CSP) used by WhatsApp, Weizman was able to enable bypasses as well as cross site scripting (XSS) on the messaging service's desktop app. This allowed him to gain read permissions from the local file system on both the Mac and Windows desktop apps.
Through the WhatsApp desktop platform, Weizman was able to find the code where messages are formed, tamper with it and then let the app continue to send these messages as it normally does. This bypassed filters and sent the modified message through the app as usual where it appeared relatively normal in the user interface. Weizman even discovered that website previews, which are displayed when users share web links, can also be tampered with before being shown.
Interested users that want to learn more about Weizman's discovery can check out his blog post (opens in new tab) on Perimeter X's website.
- We've also highlighted the best live chat software (opens in new tab).