Facebook Owned Messaging app WhatsApp is also one of the most popular messengers for everyone. The popular and leading messaging app is available for iOS, Android as well as Windows while it can be used on the WhatsApp web. A lot of rumors have been around on how this messenger app is not secure and how user data is not secure. Now a bug allowed attackers to access local storage of WhatsApp user reading their files. The Bug is now patched by Facebook now but it was there for some time and made users vulnerable to attackers.
It was suggested by security advisors that the bug allowed attackers to attack the users when paired to WhatsApp Desktop using WhatsApp on iOS. The attack can be successful as long as a link sent by the attacker is opened by the user. WhatsApp Desktop versions before v0.3.9309 after getting connected to WhatsApp for iOS version before 2.20.10 are getting this issue. The vulnerability was there and iOS users were the ones at risk that could have put a large number of users victim. A large number of attacks could have happened before the victims could even know how they got attacked.
The vulnerability could be easily exploited but it required interaction os victim after the attack was remotely launched. A loophole in the WhatsApp’s Content Security Policy was found by a researcher from PerimeterX. This loophole allowed scripting across the site on the desktop app. The risk of attacks is similar to phishing but the thing is it can be launched over a large number of users as WhatsApp has millions of users. Now the bug is taken care of and there is no word of how many people were actually any victim of any attacks.