WhatsApp bug could let strangers see your personal files
Disastrous flaw has been fixed in recent update
Your support helps us to tell the story
As your White House correspondent, I ask the tough questions and seek the answers that matter.
Your support enables me to be in the room, pressing for transparency and accountability. Without your contributions, we wouldn't have the resources to challenge those in power.
Your donation makes it possible for us to keep doing this important work, keeping you informed every step of the way to the November election
Andrew Feinberg
White House Correspondent
A potentially disastrous security flaw has been found in WhatsApp, which allowed strangers to see a person's personal files.
The exploit would have let someone see the information on a person's computer if they sent them a malicious link, security researchers said.
The bug has since been fixed and is not thought to have been exploited.
If someone was attacked by the bug, they would receive a link that may look legitimate, including the small preview that shows when someone sends a link on WhatsApp.
But clicking it would have allowed the attacker to exploit a weakness in WhatsApp's Content Security Policy, which allowed users to send manipulated, malicious messages.
Once that happened, an attacker would have been able to gain access to the files stored on the person's computer.
The issue affected people who use the desktop version of WhatsApp, which borrows from the mobile version of the app.
The bug has been fixed in recent updates, and users have been warned to make sure that everything they are using to chat on WhatsApp – the phone app, as well as the one being used on the desktop – should be updated to avoid any issues.
“We regularly work with leading security researchers to stay ahead of potential threats to our users," a WhatsApp spokesperson said. "In this case, we fixed an issue that in theory could have impacted iPhone users that clicked on a malicious link while using WhatsApp on their desktop.
"The bug was promptly fixed and has been applied since mid December.”
Subscribe to Independent Premium to bookmark this article
Want to bookmark your favourite articles and stories to read or reference later? Start your Independent Premium subscription today.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments