What you need to know
- The latest update for WhatsApp on Mac has patched a serious security flaw.
- The flaw was discovered by security researcher Gal Weizman.
- It allowed users to exploit the quote feature in a group conversation to change the identity of the sender and could be used to redirect people to malicious websites.
An update for WhatsApp on macOS has patched a security flaw that could be used to redirect users to malicious websites.
As reported by 9to5Mac:
If you use WhatsApp on Mac, you'll want to make sure the desktop app has been updated to the current version, 0.4.316. This closes a very nasty security hole.
The vulnerability was discovered by security researcher Gal Weizman. It built on an earlier issue in which replies could fake the original text…
Weizman's blog states:
Back in 2017, while I was traveling in Peru, I found a security flaw that Check Point published a few months later. That flaw was simple. In the words of Check Point's researchers in this article published in 2018, it allowed an attacker to "alter the text of someone else's reply, essentially putting words in their mouth."
Weizman went on to research the flaw to see where it was present and how it could be used. He found four unique security flaws in WhatsApp, including one that abused the quote feature in replies to rewrite messages and incorporate links to malicious websites. He was also able to use malicious code to read files from a Mac.
The full rundown is very complex, but you can read it here. In conclusion, he said:
And that's pretty much it. I have to admit I've put a lot of effort and time into this research, but I'm glad to say it all paid off. I think there are a few very interesting ideas here that should inspire you to explore new types of security flaws that probably exist out there. I encourage you to go ahead and do that responsibly! And if you're on the other side of the game, please use this article to harden your application. It is 2020, no product should be allowing a full read from the file system and potentially a RCE from a single message.