July 27, 2024 at 04:33PM
A security issue in the latest version of WhatsApp for Windows allows the execution of Python and PHP attachments without warning, if the recipient opens them. Although WhatsApp blocks several risky file types, it does not plan to add Python and PHP scripts to the list. The company also dismissed a researcher’s report about the issue.
From the meeting notes, it’s clear that there is a significant security issue with the latest version of WhatsApp for Windows. It has been found that Python and PHP attachments can be executed without any warning when the recipient opens them. Additionally, it has been reported that WhatsApp does not block the execution of Python and PHP files. This poses a serious security risk as attackers can send potentially malicious scripts to users, and if the resources are present, the recipient only needs to click the “Open” button for the script to execute.
Furthermore, it seems that despite being alerted to these vulnerabilities, WhatsApp has not taken action to add these file types to its blocklist. This has raised concerns among security researchers, with one expressing disappointment at how the issue was handled by WhatsApp.
It’s important to address these vulnerabilities promptly to enhance the security of WhatsApp users and prevent potential exploitation through these file types. Additionally, it’s crucial for WhatsApp to demonstrate its commitment to promptly resolving security concerns and actively enhance the security of its platform.
Given the seriousness of these findings, it’s recommended that WhatsApp urgently addresses the issue and strengthens its security measures to protect its users from potential security risks.