- PIXEL.WhatsApp will bring these novelties in 2020
- PIXEL.WhatsApp: So you can easily know which contacts are online and how many times they connect daily
A total of four critical security flaws in WhatsApp Web exposed users' devices, which an attacker could access by sending a message, with a legitimate appearance, but with malicious content.
WhatsApp web is the version for computers (PC and MAC) of WhatsApp that allows the user to access the functions of the application from their desktop . It can be run as a web browser tab or through an executable file on our desktop.
The vulnerabilities, which have been discovered by researchers at the cybersecurity company Perimeter X, are based on cross-site scripting , a security hole that allows a third party to inject Javascript code or similar into a web application.
In WhatsApp , when the user sends a message that contains a link, the application adds a preview with additional information, such as the name of the page and its description, so that the receiver knows where he is clicking . However, this data comes from the sender of the message and can be maliciously altered.
Taking advantage of this, an attacker could use a modified but apparently legitimate malicious message, change the URL of the link and enter malicious Java code hidden through the cross-site scripting .
Using this technique, the attacker can gain access to WhatsApp system files and execute code arbitrarily on the device through the application of the user who receives the malicious chat.
This bug is present only in some browsers such as Safari and in older versions of Edge, but not in others based on Chromium, according to the research, and is due to the use of the application development tool Electron, based on old versions , in WhatsApp of Chromium still affected by the problem.
After discovering these vulnerabilities, Perimeter X researchers have informed Facebook, a company that owns WhatsApp since 2014, and these bugs have been fixed through a security patch on WhatsApp Web for PC and Mac distributed on January 21.
According to the criteria of The Trust Project
Know moreTechnology Facebook renounces that WhatsApp has ads (except in the states)
Technology Can WhatsApp hack me like they did with Jeff Bezos?
Security A failure in TikTok allowed access to users' personal data