WhatsApp flaw gave hackers access to files from Windows and Macs

Highlighting the dangers of the use of third party frameworks. Update now…:

A nasty vulnerability has been discovered in the WhatsApp desktop client used by millions of people around the world. That vulnerability allows an attacker to send a malicious link that, when clicked on, could give the attacker access to all the files on a WhatsApp user’s computer.

The vulnerability was discovered by security researcher Gal Weizman. It works by exploiting a flaw in the Chromium platform, of all things. Chromium is what Google’s Chrome browser is based on. However, Chromium is also used in the Electron platform, which is what Facebook’s WhatsApp desktop app is built on.

The Electron platform allows developers to create desktop apps using web standards, which makes porting web-based apps to the desktop easy, no matter if it’s for Windows or macOS. So yep, when you’re using WhatsApp on Mac or PC, you’re really just using a repackaged web app–not a native app.

[…]

Original article here