CERT-In Issues High-Severity Warning for WhatsApp Desktop Users
- MediaFx
- 1 day ago
- 1 min read
TL;DR: India's cybersecurity agency, CERT-In, has issued a high-severity alert for WhatsApp Desktop users on Windows. A vulnerability in versions prior to 2.2450.6 allows attackers to execute arbitrary code via malicious attachments. Users are strongly advised to update their applications immediately and exercise caution with file attachments.
The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, has identified a critical security flaw in WhatsApp Desktop for Windows. This vulnerability affects versions earlier than 2.2450.6 and arises from a misconfiguration between the MIME type and file extension, leading to improper handling of attachments. Attackers can exploit this flaw by sending specially crafted attachments that, when opened, can execute arbitrary code on the user's system, potentially leading to unauthorized access and data theft .
Who is Affected:
Users operating WhatsApp Desktop for Windows versions earlier than 2.2450.6.
Risks Involved:
Execution of malicious code.
Unauthorized access to files and data theft.
Potential full system compromise.
Recommended Actions:
Update Immediately: Ensure your WhatsApp Desktop application is updated to version 2.2450.6 or later.
Exercise Caution with Attachments: Avoid opening attachments from unknown or untrusted sources. Even attachments from known contacts should be treated with caution if unexpected.
Maintain System Security: Keep your operating system and antivirus software up to date to mitigate potential threats.
For more detailed information, refer to the official CERT-In advisory and WhatsApp's security updates.
