Hackers Exploit WhatsApp to Disguise Executables as Images and Other File

WhatsApp Patches Dangerous Spoofing Vulnerability Affecting Windows Users 

WhatsApp has addressed a significant security flaw that allowed attackers to spoof file attachments, making executables appear as harmless images, PDFs, or other types of files. The issue primarily affects Windows users running app versions older than 2.2450.6. 

The vulnerability is tied to WhatsApp’s handling of attachments, where the app displays the file based on its MIME type instead of its filename extension. MIME (Multipurpose Internet Mail Extensions) is a standard used to define the type of file an attachment contains. In this case, a maliciously crafted mismatch between the MIME type and file extension could trick users into unknowingly executing harmful code. 

For instance, an attacker could send an executable file with a .exe extension but disguise it as an image/jpeg attachment. To the recipient, it would appear as a safe image file. However, if the user opens the file, WhatsApp would use the extension to handle the file, potentially triggering the execution of arbitrary code. 
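The mismatch described above can be checked on the receiving side before an attachment is displayed or saved. The following is an added example, not WhatsApp's code: the function names, the extension list and the MIME table are assumptions made for illustration, and the sample attachments are constructed.

```python
import os

# Extensions Windows runs or interprets on open (illustrative list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".ps1", ".vbs", ".lnk"}

# Constructed table: MIME types that are consistent with each document extension.
EXPECTED_MIME = {
    ".jpg": {"image/jpeg"}, ".jpeg": {"image/jpeg"}, ".png": {"image/png"},
    ".pdf": {"application/pdf"}, ".txt": {"text/plain"},
}

def effective_extension(filename):
    """Extension the OS will act on when the saved file is opened."""
    name = os.path.basename(filename.replace("\\", "/"))
    name = name.rstrip(". ")  # Windows drops trailing dots and spaces from names
    return os.path.splitext(name)[1].lower()

def previews_as_harmless(mime):
    """True when a client would render this declared type as media or a document."""
    return mime.startswith(("image/", "video/", "audio/")) or mime in {"application/pdf", "text/plain"}

def classify_attachment(filename, declared_mime):
    """Compare the declared MIME type with the extension that decides how the file opens."""
    ext = effective_extension(filename)
    mime = declared_mime.split(";")[0].strip().lower()  # drop parameters such as charset
    if ext in EXECUTABLE_EXTS:
        # The case from the article: shown as an image, opened as a program.
        return "spoofed-executable" if previews_as_harmless(mime) else "executable"
    expected = EXPECTED_MIME.get(ext)
    if expected is None:
        return "unknown"
    return "ok" if mime in expected else "mismatch"

if __name__ == "__main__":
    # Constructed sample attachments: (filename, declared MIME type)
    samples = [
        ("holiday.jpg", "image/jpeg"),
        ("holiday.exe", "image/jpeg"),
        ("setup.exe", "application/x-msdownload"),
        ("report.pdf", "image/png"),
    ]
    for name, mime in samples:
        print(f"{name:12} {mime:26} -> {classify_attachment(name, mime)}")
```

A client or mail/chat gateway would refuse to render a preview for the `spoofed-executable` verdict and show the real extension to the user instead.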

While the flaw presents a significant risk, it requires user interaction for exploitation. Attackers would need to deceive victims into trusting and manually opening the file. Despite the risk, there’s no evidence that this vulnerability has been actively exploited in the wild. Given the need for user engagement and the complexity of the attack, the flaw has been assigned a severity score of 6.7 out of 10. 

This vulnerability was discovered through a responsible disclosure from an external researcher via Facebook’s security bounty program. WhatsApp advises all users to update to the latest version of the app to ensure they are protected from this flaw. 
