WhatsApp is usually thought of as a secure messaging app, but while your messages might be safely encrypted, the service’s apps are as prone to security vulnerabilities as any others. And the latest WhatsApp bug is a big one.
Security researcher Gal Weizman recently found a major vulnerability in the desktop versions of WhatsApp that could allow hackers to install malware, see your messages, and even remotely access files stored on your PC simply by sending snippets of code through seemingly normal-looking messages. And according to the researchers who found the bug, it seems to have been exploited by hackers already.
In order for the attack to work, you have to first read a malicious message, so you’re probably safe unless you accept and open conversation requests from random users. While WhatsApp fixed this issue with a patch in December, you’ll want to make sure you’re running the latest version of the desktop client (especially if you haven’t used WhatsApp in some time). The vulnerability affects WhatsApp Desktop versions 0.3.9309 and earlier; you can download an updated version of WhatsApp Desktop for Windows and Mac here.
So what exactly caused such a massive bug in the first place, and how did it go unnoticed? Ars Technica’s report on the bug indicates the vulnerability is due to flaws in the Electron app framework Facebook uses for the WhatsApp desktop client, which allows for easier development and rollout between multiple platforms simultaneously.
You can get the full details in Ars Technica’s piece, but the Electron framework uses outdated Chromium browser code with glaring security issues that enable hackers to send and execute malicious code through WhatsApp messages. The issues were patched out of Chromium a while ago, but they persisted in Electron—and therefore the desktop WhatsApp client—until the bug was finally discovered this week. So, again, update your client and never open random messages in any me