Security vulnerability in the web version If you also use WhatsApp on your PC, you should act now
If you use WhatsApp not only on your cell phone but also via the Windows app, you should be careful. A security vulnerability makes it easier for potential fraudsters to smuggle in malware.
No time? blue News summarizes for you
- A vulnerability in the desktop version of WhatsApp allows attackers to disguise dangerous malware as harmless image files.
- The smartphone app is not affected by this vulnerability.
- Meta has already provided an update and urges users to update their WhatsApp application for Windows to the latest version.
Millions use WhatsApp every day not only on their smartphones, but also conveniently on their Windows computers. But it is precisely this desktop application that harbors a pitfall. A newly discovered security vulnerability allows attackers to hide dangerous malware behind harmless-looking image files.
The vulnerability only affects the desktop version of WhatsApp for Windows PCs, not the mobile app. As the parent company Meta announced in a security warning, the problem lies in the way the application displays and opens received files. Older versions of the app displayed attachments based on their declared "MIME type", i.e. a kind of label that roughly categorizes the file type (e.g. as image, audio, application). However, if a user clicked on the attachment, the actual file extension was used to open it.
Deceptive preview can become a trap
Attackers can exploit precisely this discrepancy. They could prepare a malicious executable file, such as a virus or Trojan, so that it has the MIME type of an image. WhatsApp for Windows would then display a harmless image preview to the recipient. "If users click on it, however, they would execute the dangerous application," the report warns. One careless click is enough to potentially install malware on your own computer.
Meta classifies the vulnerability as "moderate". The classification is not higher, as a successful attack requires user interaction - the user must actively click on the manipulated file. Nevertheless, the method is suitable for deceiving users relatively easily. "A maliciously created discrepancy could have led to the recipient unintentionally executing arbitrary code", Meta's technical description states. So far, however, there is no evidence that the vulnerability is already being actively exploited.
Update strongly recommended
The company has since closed the vulnerability by updating the Windows application (version 2.2450.6 and newer). Users of WhatsApp for Windows are strongly recommended to update the application immediately to protect themselves from potential attacks. Only the latest version guarantees protection against this threat.
