The vulnerability was discovered by security researcher Gal Weizman. It built on an earlier issue in which replies could fake the original text…
A threat actor may use the “quote” feature in a group conversation to change the identity of the sender, even if that person is not a member of the group, as well as the text of someone else’s reply, essentially putting words in their mouth.
There’s no fix available for that, which is what got Weizman thinking. If you can mess with text, why not do the same with a link?
He was then able to get that malicious code to read files from either a Windows PC or a Mac.
These types of applications are written using Electron. Electron is a cool platform that lets you create “native” applications using standard web features. This makes things super easy for a lot of big companies since it allows them to have one source code for both their web applications and native desktop applications. Electron constantly updates along with the platform it is based on: Chromium.
That means my XSS works since this is – after all – a variant of Chromium! […]
And even worse – since Chromium 69 is relatively old, exploiting a 1-day RCE is possible! There are more than 5 different 1-day RCEs in Chromium 69 or higher; you just need to find a published one and use it through the persistent XSS found earlier and BAM: Remote Code Execution ACHIEVED! […]
This works for WhatsApp Windows Desktop/Mac Desktop.
Earlier today, we reported on a Philips Hue vulnerability which would not only allow an attacker to control your bulbs but potentially gain access to your whole network. The moral of the story: keep your apps and devices updated.