WhatsApp patches worrying vulnerability which allowed hackers to share .exe files as images


  • Meta reveals it found a vulnerability in WhatsApp for Windows
  • It affects all older versions and allows hackers to trick people into running .exe files
  • The flaw lets criminals display .exe files as harmless photos in the chat

Meta has fixed a vulnerability in its WhatsApp client for Windows which allowed threat actors to spoof executable files as images.

In a security advisory published on Facebook, the company said it addressed a spoofing issue affecting WhatsApp for Windows versions prior to 2.2450.6.

The bug “displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension,” Meta explained.

No abuse in the wild

“A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp.”
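The mismatch Meta describes can be closed by refusing to preview an attachment unless its declared MIME type and the extension Windows would act on agree. The following is an added example of such a check, not code from Meta's advisory or patch; the allowlist, function names and sample attachments are constructed for illustration.

```python
from __future__ import annotations
import re

# Constructed allowlist: filename extensions accepted for each previewable MIME type.
IMAGE_EXTENSIONS = {
    "image/jpeg": {".jpg", ".jpeg"},
    "image/png": {".png"},
    "image/gif": {".gif"},
    "image/webp": {".webp"},
}

def effective_extension(filename: str) -> str:
    """Return the extension Windows would use to pick a file handler."""
    # Keep only the last path component, whichever separator the sender used.
    name = re.split(r"[\\/]", filename)[-1]
    # Windows drops trailing dots and spaces, so "a.exe. " is opened as "a.exe".
    name = name.rstrip(". ")
    dot = name.rfind(".")
    return name[dot:].lower() if dot > 0 else ""

def check_attachment(declared_mime: str, filename: str) -> tuple[bool, str]:
    """Return (ok, reason); ok only if the preview type and the handler type agree."""
    mime = declared_mime.split(";", 1)[0].strip().lower()
    ext = effective_extension(filename)
    allowed = IMAGE_EXTENSIONS.get(mime)
    if allowed is None:
        return False, f"{mime!r} is not a previewable image type"
    if ext not in allowed:
        return False, f"shown as {mime} but would open as {ext or 'no extension'}"
    return True, "preview and handler agree"

# Constructed sample attachments (declared MIME type, filename).
SAMPLES = [
    ("image/jpeg", "holiday.jpg"),
    ("IMAGE/JPEG; charset=binary", "Photo.JPG"),
    ("image/jpeg", "holiday.jpg.exe"),
    ("image/png", "chart.png.exe. "),
    ("image/png", "notes"),
    ("application/octet-stream", "setup.exe"),
]

def flagged(samples):
    """Return the filenames that must not be rendered as an image preview."""
    return [name for mime, name in samples if not check_attachment(mime, name)[0]]

if __name__ == "__main__":
    for mime, name in SAMPLES:
        print(f"{name!r:22} {check_attachment(mime, name)}")
```

The check fails closed: a missing extension or an unlisted MIME type is treated the same as a mismatch.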

According to CyberInsider, this mismatch is a “classic method” for social engineering-based exploitation, since it allows threat actors to send files that appear harmless, but are in fact malicious. “If a victim double-clicks the attachment within WhatsApp, the underlying executable could run, compromising the user's system,” the publication wrote.

All older versions of the software were vulnerable, Meta further explained, recommending that users apply the patch immediately.

At the same time, the Cybernews team says that there is currently no evidence that the vulnerability is being exploited in the wild. However, as usual with these things, as soon as news of a vulnerability breaks, cybercriminals start hunting for vulnerable endpoints.

Most cyberattacks these days start with social engineering. A phishing message paired with a malicious attachment can be sent either via email or through an instant messaging platform such as WhatsApp. It can trick the victim into making a rash decision, running the attachment without thinking it through first.

Email addresses get leaked a lot more often than phone numbers, which makes WhatsApp-borne attacks a little less likely. However, many organizations harvest this information as well, and then store it in misconfigured, non-password-protected databases, which often get picked up by malicious actors and sold on the dark web.

Adam Pilton, Senior Cybersecurity Consultant at CyberSmart, noted this is a dangerous vulnerability since many people are part of different WhatsApp groups where images get shared all the time. This presents a great opportunity for criminals, and a major risk for the users:

"It's really important to stress that this WhatsApp vulnerability impacts Windows desktop users. Most people will be part of a WhatsApp group where it is common for images to be shared and this is where this vulnerability becomes dangerous, because if a cyber criminal was able to share this image either in your group or with someone you trust who then goes on to share it in your group, anybody in that group could unknowingly execute the malicious code associated with the shared image," he said.

"It is good to see however that the solution is at hand and simple to achieve and that is to apply an update to WhatsApp."

Via Cybernews

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
