A nasty vulnerability has been discovered in the WhatsApp desktop client used by millions of people around the world. That vulnerability allows an attacker to send a malicious link that, when clicked on, could give the attacker access to all the files on a WhatsApp user’s computer.
The vulnerability was discovered by security researcher Gal Weizman. It works by exploiting a flaw in the Chromium platform, of all things. Chromium is what Google’s Chrome browser is based on. However, Chromium is also used in the Electron platform, which is what Facebook’s WhatsApp desktop app is built on.
The Electron platform allows developers to create desktop apps using web standards, which makes porting web-based apps to the desktop easy, no matter if it’s for Windows or macOS. So yep, when you’re using WhatsApp on Mac or PC, you’re really just using a repackaged web app–not a native app.
As Weizman found, unfortunately, the previous version of the WhatsApp app for Mac and PC suffered from the Chromium vulnerability in the Electron-based platform. The good news is after Weizman discovered the vulnerability, Facebook fixed it and put out a patch.
In order to make sure your Mac or PC files are protected if you use the WhatsApp desktop client, make sure you’ve updated to the latest version of the desktop client by doing the following:
- On a PC, if you downloaded WhatsApp via the Microsoft Store, run software update for all apps in the store, and if there’s a WhatsApp update, be sure to download it.
- On a PC, if you downloaded WhatsApp from the company’s website, check for updates within the app itself. Or download the latest version directly from the WhatsApp website.
- On a Mac, if you downloaded WhatsApp via the Mac App Store, check for updates for all apps in the store, and if there’s a WhatsApp update, be sure to download it.
- On a Mac, if you downloaded WhatsApp from the company’s website, check for updates within the app itself. Or download the latest version directly from the WhatsApp website.