Facebook has released an official statement on the WhatsApp Desktop security flaw, which allows cross-site scripting attacks and the reading of local files on macOS and Windows via a specially crafted text message. In these attacks, the attacker can retrieve the contents of files on the victim's computer by way of the WhatsApp text message and carry out other malicious actions.
The flaw was discovered by a security researcher, Gal Weizman of PerimeterX, and is the result of a weak WhatsApp Desktop implementation built on Electron, a software framework that has had security problems in the past. Electron allows developers to build multi-platform applications using web and browser technologies, but its level of security depends on the components the developer uses in their app.
All of this stemmed from the vulnerable versions of WhatsApp Desktop, which were developed using an older version of the Chrome browser engine (i.e., Chrome 2). Fortunately, newer versions of the Chrome engine can detect the malicious code.
According to Facebook, this vulnerability affects users who have paired WhatsApp Desktop 0.3.9309 or earlier with a WhatsApp for iPhone version before 2.20.10. The company has also released newer versions of WhatsApp Desktop that use up-to-date browser components.