If you run WhatsApp’s desktop client on your Mac or PC then you would be wise to make sure it’s up-to-date, following the revelation that a security researcher uncovered a critical security flaw.
Gal Weizman of Perimeter X found problems in the Windows and Mac versions of WhatsApp Desktop, which users pair with the smartphone version of the messaging app.
Weizman discovered an array of issues in the cross-platform desktop apps that are built using web browser technology with the Electron software framework.
Perhaps the most alarming flaw found by Weizman was one which could allow an attacker to simply send some JavaScript in a WhatsApp message to their intended victim in order to trigger the reading of their locally-stored files.
Embarrassingly for Facebook, the makers of WhatsApp, Weizman had found that the software was using an old, out-of-date version of the Google Chromium engine (Chromium 69), for which vulnerabilities were already known.
Weizman issued a warning to other developers of the risks if they didn’t keep their users patched with the latest updated software:
“If you’re going to use Electron, you HAVE to make sure it is updated with each update of Chromium. And this is such a big one – Chromium updates are not just cool new features, in most Chromium updates, serious vulnerabilities are being patched! When Chromium is being updated, your Electron-based app must get updated as well, otherwise you leave your users vulnerable to serious exploits for no good reason!”
Concerned users should check which versions of WhatsApp Desktop they have installed on their Windows PC or Mac. Version 0.3.9309 and earlier are affected by the vulnerability.
Facebook updated the WhatsApp desktop and iPhone apps last month to fix the issues uncovered by Weizman.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
