Security Flaw In WhatsApp Desktop Allowed Access To Local File System !!
Security Flaw In WhatsApp Desktop Allowed Access To Local File System !!
Such an alteration could allow an adversary to redirect users to malicious links by showing them false banners and misleading messages with them. The researcher could continue the exploitation of the bugs from the simple open-redirects to achieve persistent XSS whilst bypassing the WhatsApp Content Security Policy (CSP) and, further, to achieve read access to the local file system.
In brief, when he started testing WhatsApp, he found two vulnerabilities that affected all major WhatsApp platforms. That is, WhatsApp for Android, iOS, Mac, Windows, and web versions. These vulnerabilities were not difficult to exploit but certainly had a malicious impact.
One of these was a simple alteration of text messages via WhatsApp Web by altering one line of code. Whereas, the other vulnerability allowed altering banners of the links shared in WhatsApp conversations.
It was all possible since WhatsApp was not running on the latest version of Electron a Chromium-based application that facilitates in building native apps. Since the XSS existed in the older Chromium versions, the older Electron versions also became vulnerable to such attacks. As stated by the researcher, If WhatsApp would have updated their Electron web application from 4.1.4 to the latest which was 7.x.x at the time this vulnerability was found this XSS would never have existed!
To know about latest happenings in technology industry check out other posts of GadgetsTricks.com Thanks For Your Time !
Kaustubh
A tech fanatic with a hunger for knowledge in the evergrowing field of computer science and technology.Having interest in Web Designing and Development.Follow me on Instagram :-kaustubh_zade
Post a Comment