Researcher Kasif Dekel from security firm Check Point has discovered a security flaw in WhatsApp Web that could affect more than 200 million users. The flaw can be used by hackers to trick users into executing arbitrary code simply by sharing a malicious contact file in vCard format. The only thing hackers need is a user's registered number on WhatsApp.
To exploit the vulnerability, a hacker needs to share a contact with the malicious code embedded with the user being attacked. The user will see the contact as a normal contact file, and the moment they click on it, the file runs arbitrary code that infects the PC with remote access trojans (RATs), ransomware and other types of malware. The firm has posted on its official blog that the vulnerability lies in improper filtering of contact cards sent using the widely used vCard format. The post further says that the researchers were surprised to discover that WhatsApp does not validate the vCard format or its contents. The researchers said that they notified WhatsApp about the issue on August 27, and that the company acknowledged it and released an initial fix. The fix has been rolled out to WhatsApp Web version 0.1.4481 and above. Users are advised to update WhatsApp Web to the latest version as soon as they see the update notification.
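The missing validation described above can be pictured as a strict structural check that a receiving client runs before treating an attachment as a contact. The following is an added illustration, not WhatsApp's or Check Point's code; the function name `validateVCard`, the 64 KB size limit and the sample cards are assumptions constructed for this example.

```javascript
// Added example: strict structural check for a received contact card.
// validateVCard and the samples are hypothetical, not WhatsApp code.
const CONTENT_LINE = /^(?:[A-Za-z0-9-]+\.)?([A-Za-z0-9-]+)((?:;[^:;]+)*):(.*)$/;

function validateVCard(text) {
  const errors = [];
  if (typeof text !== "string" || text.length > 64 * 1024) {
    return { ok: false, errors: ["not text or too large"] };
  }
  // Unfold continuation lines (a line break followed by space or tab).
  const lines = text.replace(/\r?\n[ \t]/g, "").split(/\r?\n/).filter(l => l !== "");
  if (lines.length < 4) errors.push("too few lines");
  if (!/^BEGIN:VCARD$/i.test(lines[0] || "")) errors.push("missing BEGIN:VCARD");
  if (!/^END:VCARD$/i.test(lines[lines.length - 1] || "")) errors.push("missing END:VCARD");
  const seen = new Set();
  lines.forEach((line, i) => {
    // Control characters other than tab never belong in a content line.
    if (/[\x00-\x08\x0b-\x1f\x7f]/.test(line)) errors.push(`line ${i + 1}: control character`);
    const m = CONTENT_LINE.exec(line);
    if (!m) { errors.push(`line ${i + 1}: not a property line`); return; }
    const name = m[1].toUpperCase();
    seen.add(name);
    // Exactly one card per file: no nested or trailing BEGIN/END.
    if ((name === "BEGIN" && i !== 0) || (name === "END" && i !== lines.length - 1)) {
      errors.push(`line ${i + 1}: unexpected ${name}`);
    }
  });
  if (!lines.some(l => /^VERSION:(2\.1|3\.0|4\.0)$/i.test(l))) errors.push("missing or unknown VERSION");
  if (!seen.has("FN") && !seen.has("N")) errors.push("no name property (FN or N)");
  return { ok: errors.length === 0, errors };
}

// Constructed samples: a well-formed card, text that is not a card at all,
// and a card-shaped wrapper with a line that is not a vCard property.
const goodCard = "BEGIN:VCARD\r\nVERSION:3.0\r\nFN:Alice Example\r\nTEL;TYPE=CELL:+15550100\r\nEND:VCARD\r\n";
const notACard = "hello world\r\nthis payload is not contact data\r\n";
const strayLine = "BEGIN:VCARD\r\nVERSION:3.0\r\nFN:Bob Example\r\nthis line is not a property\r\nEND:VCARD\r\n";

console.log(validateVCard(goodCard), validateVCard(notACard), validateVCard(strayLine));
```

A client applying a check like this would decline to present `notACard` or `strayLine` as a contact, and would show only the parsed fields of a card that passes.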
Oded Vanunu, Security Research Group Manager at Check Point, said, “Thankfully, WhatsApp responded quickly and responsibly to deploy an initial mitigation against exploitation of this issue in all web clients, pending an update of the WhatsApp client.”
Since WhatsApp has a large user base, a large number of people are vulnerable to the threat. Last week, WhatsApp CEO and co-founder Jan Koum announced that WhatsApp has reached 900 million monthly active users. The security firm estimates that about 200 million of them use WhatsApp Web.