WhatsApp for Windows Security Flaw Allows Executing Python 3le5p PHP Files Without Warning: Report

WhatsApp was reportedly highlighted about the issue but the company did not see it as an issue at their end. p1h2t

Written by Siddharth Suvarna | Updated: 31 July 2024 14:29 IST

WhatsApp for Windows Security Flaw Allows Executing Python, PHP Files Without Warning: Report

Photo Credit: Reuters 3v6d2p

For an attack using Python or PHP files to be successful, a must have Python installed

Highlights

Security researcher Saumyajeet Das from Zeron found this vulnerability
WhatsApp is said to not block .PYZ, .PYZW, and .EVTX files from launching
WhatsApp reportedly dismissed the researcher’s report

ment

WhatsApp for Windows reportedly has a vulnerability that can be exploited by bad actors. The security flaw exploits executable files of Python and PHP for which the app does not send a warning, claimed the report. As a result, an unsuspecting might accidentally save and run the file, allowing the attacker to deploy the payload. WhatsApp reportedly has refused to take any action citing the problem is not at their end, and that it already warns s to not files from unknown senders.

WhatsApp for Windows Reportedly Has a Security Flaw 4fm4

According to a report by Bleeping Computer, the vulnerability was found in the latest version of the WhatsApp for Windows app. It is said to allow s to send Python and PHP attachments in executable format. The files, when being ed at the recipient's end, does not result in a warning notification from the instant messaging platform.

The security flaw was discovered by cybersecurity firm Zeron's security researcher Saumyajeet Das. As per the report, WhatsApp in most cases does not allow launching potentially harmful files such as .EXE. While the may see options of Open or Save As, clicking on Open generates an error. The may still save the file on the device and launch it, but the warning acts as a reminder of the malicious nature of the file. This behaviour is said to be consistent for file formats such as .EXE, .COM, .SCR, .BAT, and Perl.

Telegram Vulnerability Lets Hackers Send Malware as Videos: Report

However, the researcher reportedly found that three file types — .PYZ (Python ZIP app), .PYZW (PyInstaller program), and .EVTX (Windows event Log file) — did not trigger the error warning and s can open the file and launch them directly from within the app. Further, the publication found the same exception existed for PHP files.

Notably, an attack conducted using these file types will not be successful unless the has Python installed in their system. This reduces vulnerable s to software developers, researchers, and others who code on their system.

The publication claims that Das reported the issue via Meta's bug bounty programme on June 3. But on July 15, the company replied that the same issue was previously reported by another researcher. The issue is still not fixed, as per the report, and it was said to be present in the latest WhatsApp for Windows 11 version v2.2428.10.0.

A WhatsApp spokesperson told the publication, “We've read what the researcher has proposed and appreciate their submission. Malware can take many different forms, including through able files meant to trick a . It's why we warn s to never click on or open a file from somebody they don't know, regardless of how they received it — whether over WhatsApp or any other app.”

Comments

For the latest reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: App

Akash Dutta Email Akash Dutta

Akash Dutta is a Senior Sub Editor at Gadgets 360. He is particularly interested in the social impact of technological developments and loves reading about emerging fields such as AI, metaverse, and fediverse. In his free time, he can be seen ing his favourite football club - Chelsea, watching movies and anime, and sharing ionate opinions on food. More