On April 9, the Indian Computer Emergency Response Team (Cert-In), an agency under the Ministry of Electronics and Information Technology, issued a high-severity alert regarding a security vulnerability affecting WhatsApp desktop users who are currently using a Windows version earlier than 2.2450.6.
The flaw allows attackers to gain unauthorised access to files by running any commands or code on the user’s computer.
“The vulnerability exists due to misconfiguration between the MIME type and file extension, leading to improper handling of attachment openings,” said the agency, according to The Times of India.
The statement from Cert-In further added that a potential attacker could have the capability to exploit this vulnerability by “crafting malicious attachments”. Such attachments could execute arbitrary code if they are opened manually by the user within the WhatsApp desktop application.
How WhatsApp users can arm themselves against this security loophole
WhatsApp is the most popular online messaging application, having around 3.5 billion active users worldwide. If you are a person who uses the WhatsApp desktop application, here are a few precautionary measures that Cert has flagged. In
Update WhatsApp desktop
I think keeping your WhatsApp desktop application updated is crucial. Updates often include fixes for security vulnerabilities and bugs, and introduce new security features that could help protect your computer system from potential threats from hackers.
Avoid suspicious files
Never open file attachments from unknown or untrusted sources. Moreover, even when files are sent from familiar contacts, it is ideal to treat files that appear unusual or unexpected with caution. These could be signs of a compromised account or a malware attempt.
Maintain system security
Install the latest security patches to ensure your Windows operating system is always up to date. Enable firewall protection and use a comprehensive security suite, including malware detection, to strengthen your defense against unauthorised access and cyber threats.
