Whatsapp makes for a popular attack vector: Whatsapp has been frequently targeted in the past for its popularity as an encrypted chatting platform. With over 10 billion downloads on Google Play Store alone, the platform makes for a lucrative target for threat actors.A similar security oversight was reported in July 2024 to be affecting the Whatsapp Windows client, allowing execution of arbitrary Python and PHP scripts on vulnerable systems with suitable coding environments installed.Commenting on the exploitability of “attachments” related flaws in popular software, Nico Chiaraviglio, chief scientist at Zimperium said, “Attachments remain one of the most common vectors for delivering malicious content. While this specific case involves WhatsApp for Windows, mobile platforms are not exempt. Attackers regularly leverage file attachments to bypass user trust and deliver malware, phishing payloads, or exploit vulnerabilities.” In a different approach, a zero-click vulnerability impacting Whatsapp’s mobile phone releases was reportedly exploited in zero-day abuses to install Paragon’s Graphite spyware in 2024.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3958125/whatsapp-plugs-bug-allowing-rce-with-spoofed-filenames.html
