A vulnerability in WhatsApp Desktop versions before 0.3.9309 when paired with WhatsApp for iPhone versions before 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
whatsapp whatsapp |
||
whatsapp whatsapp for desktop |
Dear Facebook, please keep up with Electron and Chromium fixes, ta Crown Prince of Saudi Arabia accused of hacking Jeff Bezos' phone with malware-laden WhatsApp message
A vulnerability in WhatsApp could be exploited to remotely access a victim's files on their computer β if they use the desktop client paired with the iPhone app. A patch has been issued and should be installed. Bug-hunter Gal Weizman, from security shop PerimeterX, discovered and reported CVE-2019-18426, a cross-site scripting hole that could potentially allow an attacker to get to the local file system of another user simply by sending a specially crafted message. The security bug was fixed i...