WhatsApp vCard Flaw Puts Millions of Web Client Users at Risk
Serious vulnerabilities within the WhatsApp Web client that put millions of those using this web client on their PCs at risk have now been taken care of by the company.
This security flaw that was affecting the PC client had the potential to trick users into running a malicious code on their PCs and in turn give hackers full control of the system. This vulnerability was discovered by researchers from the Check Point security firm, who immediately informed the WhatsApp team.
WhatsApp Web is a mirror app of the phone app that syncs the phone app to the web browser in order to display the messages on your PC or tablet for that matter. When a message comes to your phone app, it is immediately mirrored to the desktop client in real time. Users can then respond to these messages right from their desktops. However, there is a catch, and it’s that throughout the chatting, the phone must remain connected to the internet or else, the messages won’t come to the desktop client.
WhatsApp Web flaw associated with improper filtering of vCards
According to Check Point, the WhatsApp Web flaw is brought about by the inability for the app to properly filter contact cards, for instance, vCards as well as a lack of validation as far as vCard formats or contents are concerned.
For a hacker to gain control of your system, he only needs your phone number. When in possession of it, he will send you a message in the form of a vCard. This innocently-looking vCard is laden with arbitrary code, and once it is opened, the executable code starts its work, distributing bots and other malware to your system as instructed by the hacker.
Facebook has taken care of WhatsApp Web flaw
WhatsApp was informed of this flaw on August 21, and a few days later, the company had responded swiftly with a new update to the web client. A WhatsApp Web patch was rolled out on August 27, and it brings this application to v0.1.4481. This version has taken care of this ransomware bug and others that were making this client a risk.
If you have not updated to the latest version of WhatsApp, please do so in order to stay clear of this security flaw. Another way of ensuring safety is by not opening any message (vCard) that you are not familiar with as this might contain malicious code that might damage your system.