iPhone owners who chat on WhatsApp are being warned of a shock new threat which could leave them open to attack from cybercriminals. The latest alert comes after a vulnerability was discovered which could allow hackers to view and read personal files stored on your computer.

The issue impacts those who use an Apple iPhone paired with WhatsApp’s popular WhatsApp Desktop app on either macOS or Windows 10. Explaining more about the issue, Facebook’s security advisory revealed that a “vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading.”

It seems for the hack to work, WhatsApp users needed to click on a link sent in “a specially crafted text message”.


The flaw was discovered by Gal Weizman a researcher at PerimeterX who said he found a gap in WhatsApp’s Content Security Policy. Speaking about his findings, Weizman said: “I really wanted to find a major security flaw in a well-known and widely used service, and I felt like WhatsApp was a good start. So I gave it a go since I already had some clue of existing security flaws in WhatsApp mobile and web applications.

READ MORE: WhatsApp dark mode is finally here but you’ll need to know this trick to use it

“I was not ready for what the next few months brought with them, but I can assure you – it was one hell of a ride. I managed to find four more unique security flaws in WhatsApp which led me all the way to persistent XSS and even reading from the local file system – by using a single message.

“The theoretical concept is as follows: if you run an old version of a vulnerable app, one can exploit that vulnerability and do bad things to you.”

PerimeterX says with WhatsApp having 1.5 billion monthly active users, attacks could be executed on a large scale resulting in grave implications.

READ MORE: WhatsApp has monumental Android news and its rivals can only dream of matching it

If you are concerned by this threat it’s worth noting that the affected versions are as follows.

WhatsApp Desktop prior to v0.3.9309 paired with WhatsApp for iPhone versions prior to 2.20.10. The problem has now been patched by Facebook so it’s vital that you make sure all of your iPhones and desktop apps are fully updated to avoid any issues.

Source link