What you need to know
- The latest update for WhatsApp on Mac has patched a serious security flaw.
- The flaw was discovered by security researcher Gal Weizman.
- It allowed users to exploit the quote feature in a group conversation to change the identity of the sender and could be used to redirect people to malicious websites.
An update for WhatsApp on macOS has patched a security flaw that could be used to redirect users to malicious websites.
As reported by 9to5Mac:
If you use WhatsApp on Mac, you'll want to make sure the desktop app has been updated to the current version, 0.4.316. This closes a very nasty security hole.
The vulnerability was discovered by security researcher Gal Weizman. It built on an earlier issue in which replies could fake the original text…
Weizman's blog states:
Back in 2017, while I was traveling in Peru, I found a security flaw that Check Point published a few months later. That flaw was simple. In the words of Check Point's researchers in this article published in 2018, it allowed an attacker to "alter the text of someone else's reply, essentially putting words in their mouth."
Weizman went on to research the flaw to see where it appeared and how it could be used. He found four unique security flaws in WhatsApp, including one that could abuse the quote feature in replies to rewrite messages and incorporate links to malicious websites. He was also able to use malicious code to read files from a Mac.
The full rundown is very complex, but you can read it here. In conclusion, he said:
And that's pretty much it. I have to admit I've put a lot of effort and time into this research, but I'm glad to say it all paid off. I think there are a few very interesting ideas here that should inspire you to explore new types of security flaws that probably exist out there. I encourage you to go ahead and do that responsibly! And if you're on the other side of the game, please use this article to harden your application. It is 2020, no product should be allowing a full read from the file system and potentially a RCE from a single message.