WhatsApp Desktop Security Flaws Uncovered: Stay Safe with These Tips
If you’re using WhatsApp Desktop, listen up! Gal Weizman, a top-notch security expert at PerimeterX, recently found some serious security issues in the WhatsApp Desktop app. These problems could let hackers steal files from your computer, whether you’re on Windows or macOS, just by sending you a sneaky message.
Open Redirect and XSS: A Double Trouble
In a detailed blog post, Weizman explained how WhatsApp’s Open Redirect vulnerability can lead to Cross-Site Scripting (XSS) attacks. Here’s how it works: a hacker sends you a special message, and if you click on it, they can run harmful commands on your computer. This could lead to them stealing your private files. Scary, right?
Misconfigured Content Security Policy: Another Concern
On top of that, there’s a misconfiguration in WhatsApp’s Content Security Policy. This lets attackers run XSS payloads of any size within an iframe, making the app even more attractive to cybercriminals.
Doing the Right Thing: Responsible Disclosure and Bug Bounty
Weizman found these issues a year ago and immediately told Facebook. They fixed the problems and released an updated version of WhatsApp Desktop. As a thank you, Facebook gave Weizman $12,500 through their Bug Bounty program.
Other Security Incidents You Should Know About
In other news, Google recently told users that some of their personal videos might have been accidentally shared with others due to a technical problem in the Google Takeout service. Between November 21 and 25, 2019, videos stored in Google Photos were sent to other users. This affected people who used Google Takeout during those dates. Google has apologized and said they’ve fixed the issue.
Also, Joe Vennix from the Apple Security team found a security problem in the sudo utility, which is used in macOS, UNIX, and Linux. This utility lets users run commands with higher-level privileges. The issue, called CVE-2019-18634, lets a user with low privileges run commands with high-level privileges by changing a small setting in the sudo utility’s configuration.
Lastly, cybersecurity experts at Check Point found two big security problems in Microsoft’s cloud platform, Azure. These issues could let attackers take control of servers running on Azure. Microsoft has fixed these problems and rewarded the researchers with $40,000 through their bug bounty program.
Staying Safe Online
So, what can you do to stay safe? Here are some tips:
- Always keep your apps and software updated.
- Be careful about the messages you click on, especially if they seem suspicious.
- Use strong, unique passwords for all your accounts.
- Consider using a reliable security suite to protect your devices.
For more information on staying safe online, check out CISA’s website, a great resource for cybersecurity tips.