Facebook issues alert for WhatsApp desktop vulnerability that could let hackers access your files

A vulnerability in the WhatsApp Desktop app could leave users exposed to cross-site scripting and local file reading, a security researcher found. Facebook acknowledged the flaw in an advisory and has patched it in an updated version for Windows and MacOS users. The issue applies to WhatsApp Desktop versions prior to v0.3.9309 that have been paired with WhatsApp for iPhone versions prior to 2.20.10.

The issue — Gal Weizman of PerimeterX discovered the vulnerability, which can be taken advantage of by attackers using a specially crafted text message. Once a user clicks on a link with a deceptive preview banner, an injected JavaScript code could run within WhatsApp Desktop and provide access to the local file system. Users were left exposed because the affected versions of WhatsApp Desktop had been developed on an outdated version of Google Chrome known to be vulnerable since March 2019.

If you don't feel like handing over access to your files to god-knows-who, update to the latest version of WhatsApp desktop.