- Meta reveals that he found a vulnerability in WhatsApp for Windows
- It affects all the previous versions and allows the computer pirates to deceive people to execute .exe files
- The defect allows criminals to show .exe files as harmless photos in chat
Meta has solved vulnerability in its client WhatsApp for Windows, which allowed threat actors to falsify executable files such as images.
In a security notice published on Facebook, the company said it addressed a supplant problem at WhatsApp for Windows, before version 2,2450.6.
The error “showed attachments according to its mime type, but selected the opening controller of the file based on the extent of the file file of the attached file,” Meta explained.
Without abuse in nature
“An imbalance of maliciously elaborated could have caused the recipient to implement the arbitrary code instead of seeing the attached file by manually opening the attached file within WhatsApp.”
According CyberinsidicThis mismatch is a “classical method” for exploitation based on social engineering, since it allows threat actors to send files that seem harmless, but in fact they are malicious. “If a victim doubles the attached file within WhatsApp, the underlying executable could be executed, compromising the user system,” the publication wrote.
All previous versions of the software were vulnerable, Meta more explained, recommending that users apply the patch immediately.
At the same time, the Cybernews The team says that there is currently no evidence that vulnerability is being exploited in nature. However, as usual with these things, as soon as the news of vulnerability is broken, cybercriminals begin to look for vulnerable final points.
Most cyber attacks these days begin with social engineering. A Phishing message, combined with a malicious attached file, can be sent by email or through an instant messaging platform such as WhatsApp. It can deceive the victim to make a precipitous decision, executing the attachment without thinking first.
Email addresses are filtered much more frequently than phone numbers, which makes the attacks transmitted by WhatsApp a little less likely. However, many organizations also reap this information, and then store it in poorly configured and not protected by raisins, which are often collected by malicious actors and sold in the dark network.
Adam Pilton, senior cybersecurity consultant at Cybersmart, said that this is a dangerous vulnerability since many people are parts of different WhatsApp groups where images are shared all the time. This presents a great opportunity for criminals and the great risk for users:
“It is really important to emphasize that this WhatsApp vulnerability impacts Windows desktop users. Most people will be part of a WhatsApp group where it is common for images to be shared and this is where this vulnerability becomes dangerous, because if a cyber -relete of Ciber could share this image in their group or with someone who trusts to share it to share it to share it to share it to share it to share it to share it to share it to share it to share it to share it to share it to Execute without knowing it with the malicious code associated with the shared image associated with the shared image, “,” he says.
“However, it is good to see that the solution is at hand and is easy to achieve and is to apply an update to WhatsApp.”
Through Cybernews
