Facebook is not having a good start to the year. From the data breach to Instagram Desktop not loading properly, things have been shaky.
The latest vulnerability news concerns WhatsApp. The Facebook-owned company recently patched a critical WhatsApp vulnerability that could allow strangers to read files from a user's local system, on both macOS and Windows platforms.
Facebook's security advisory explains:
“A vulnerability in WhatsApp Desktop when paired with iPhone allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click the link preview from a text message.”
The flaw was discovered by PerimeterX researcher Gal Weizman. He found a weakness in WhatsApp's Content Security Policy that allowed cross-site scripting. While investigating further, he found that he was also able to gain read permissions on the local file system.
Before the patch, the flaw allowed attackers or other unauthorized parties to inject malicious code and links, with the end goal of monetary or personal attacks.
WhatsApp has over 2 billion monthly active users, so attacks could be executed on a large scale, with potentially disastrous consequences. Facebook recently patched another bug that could be used to crash the app in a loop.
It is recommended that you keep your apps updated and limit the access you give to third parties.