WhatsApp suffered from vcard leak in web client

Spread the love

WhatsApp has patched a vulnerability in WhatsApp Web that allowed an attacker to open a vcard containing malware in the browser. The attacker would have had enough with only the phone number of his target.

WhatsApp Web users can open attachments sent by third parties through the mobile platform, including business cards of the vcard file type. An attacker was found to be able to mask malicious code such as such a vcard, causing a recipient to run malware on its system upon opening, warns security researcher Kasif Dekel of Check Point. All the attacker needed was the WhatsApp account phone number. WhatsApp Web did not validate vcard-type files.

WhatsApp rolled out an update on August 27 to close the leak, six days after being notified by Check Point. Versions higher than 0.1.4481 would not have the vulnerability and Check Point recommends that users who are still on an old version update it. WhatsApp has 900 million users worldwide, but how many people use the web client is unknown.

You might also like
Exit mobile version