December 10, 2024 at 02:37AM
WhatsApp has resolved a vulnerability in its View Once feature, which allows disappearing media to be accessed through web clients and browser extensions. Following reports from Zengo, WhatsApp issued a software update to enhance privacy protections, though further improvements were noted as necessary. Users are encouraged to trust their recipients and update the app.
**Meeting Takeaways:**
1. **Issue with View Once Feature**: WhatsApp’s View Once feature, aimed at enhancing user privacy by allowing images and videos to disappear after being viewed, had a significant security flaw that could be exploited through web applications and browser extensions.
2. **Discovery and Disclosure**: The vulnerability was discovered by researchers from Zengo, a crypto wallet startup, in August 2023. They responsibly disclosed the flaw to WhatsApp.
3. **Initial Fix and Limitations**: Shortly after the disclosure, WhatsApp implemented a fix; however, it did not completely resolve the issue, as it still allowed some images to be viewed after they were supposed to have disappeared.
4. **Final Update**: A software update has now been released that reportedly resolves the previous issues, preventing browser extensions from capturing View Once media.
5. **WhatsApp’s Commitment**: A spokesperson from WhatsApp emphasized the company’s ongoing efforts to enhance privacy protection and encourages users to use the feature only with trusted contacts and to keep their app updated.
6. **Feedback from Zengo**: Tal Be’ery, co-founder of Zengo, acknowledged the effectiveness of the latest fix and appreciated WhatsApp’s improvements, highlighting the positive impact of their findings on enhancing user privacy.
7. **Reminder for Users**: Users are reminded to be cautious when sending View Once messages and to ensure they are using the latest version of the app for optimal security.