
WhatsApp for Windows Security Flaw Allows Executing Python, PHP Files Without Warning: Report

WhatsApp was reportedly informed of the issue, but the company did not see it as a problem at its end.


Photo Credit: Reuters

For an attack using Python or PHP files to be successful, a user must have Python installed

Highlights
  • Security researcher Saumyajeet Das from Zeron found this vulnerability
  • WhatsApp is said to not block .PYZ, .PYZW, and .EVTX files from launching
  • WhatsApp reportedly dismissed the researcher’s report

WhatsApp for Windows reportedly has a vulnerability that can be exploited by bad actors. The flaw involves executable Python and PHP files, for which the app does not show a warning, the report claimed. As a result, an unsuspecting user might accidentally save and run the file, allowing the attacker to deploy the payload. WhatsApp has reportedly refused to take any action, saying that the problem is not at its end and that it already warns users not to download files from unknown senders.

WhatsApp for Windows Reportedly Has a Security Flaw

According to a report by Bleeping Computer, the vulnerability was found in the latest version of the WhatsApp for Windows app. It is said to allow users to send Python and PHP attachments in executable format. When these files are downloaded at the recipient's end, the instant messaging platform does not show a warning notification.

The security flaw was discovered by Saumyajeet Das, a security researcher at cybersecurity firm Zeron. As per the report, WhatsApp in most cases does not allow launching potentially harmful files such as .EXE. While the user may see the options Open or Save As, clicking Open generates an error. The user may still save the file on the device and launch it, but the warning acts as a reminder of the malicious nature of the file. This behaviour is said to be consistent for file formats such as .EXE, .COM, .SCR, .BAT, and Perl.

However, the researcher reportedly found that three file types, .PYZ (Python ZIP app), .PYZW (PyInstaller program), and .EVTX (Windows event log file), did not trigger the error, and users can open these files and launch them directly from within the app. Further, the publication found that the same exception existed for PHP files.

Notably, an attack conducted using these file types will not be successful unless the user has Python installed on their system. This narrows the vulnerable users to software developers, researchers, and others who code on their system.
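The gap described above is one of classifying attachments by extension alone. The following is an added example, not WhatsApp's code or the researcher's, of how a mail or chat gateway could triage attachments using the extension lists from the report and, going beyond the report, a content check that recognises a Python ZIP app even when it has been renamed. The function names, the `.pl` spelling for Perl files, the `block`/`warn`/`allow` policy and the sample data are assumptions of this example.

```python
import io
import zipfile
from pathlib import PurePath

# Extensions the report says already produce an error on Open
# (".pl" is this example's assumed spelling of "Perl").
REPORTED_BLOCKED = {".exe", ".com", ".scr", ".bat", ".pl"}
# Extensions the report says open without any warning.
REPORTED_UNBLOCKED = {".pyz", ".pyzw", ".evtx", ".php"}


def is_python_zipapp(data: bytes) -> bool:
    """True if data is a ZIP archive with a top-level __main__.py.

    A zipapp may begin with a '#!' interpreter line; zipfile locates the
    archive from its end, so that prefix does not prevent detection.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "__main__.py" in zf.namelist()
    except zipfile.BadZipFile:
        return False


def triage(filename: str, data: bytes) -> str:
    """Classify an attachment as 'block', 'warn' or 'allow' (assumed policy)."""
    ext = PurePath(filename).suffix.lower()
    if ext in REPORTED_BLOCKED:
        return "block"
    # The content check still flags a zipapp whose extension was changed.
    if ext in REPORTED_UNBLOCKED or is_python_zipapp(data):
        return "warn"
    return "allow"


def make_sample_zipapp() -> bytes:
    """Constructed, harmless sample: a '#!' line plus a one-line __main__.py."""
    buf = io.BytesIO()
    buf.write(b"#!/usr/bin/env python3\n")
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("__main__.py", "print('constructed sample')\n")
    return buf.getvalue()
```
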

The publication claims that Das reported the issue via Meta's bug bounty programme on June 3. But on July 15, the company replied that the same issue was previously reported by another researcher. The issue is still not fixed, as per the report, and it was said to be present in the latest WhatsApp for Windows 11 version v2.2428.10.0.

A WhatsApp spokesperson told the publication, “We've read what the researcher has proposed and appreciate their submission. Malware can take many different forms, including through downloadable files meant to trick a user. It's why we warn users to never click on or open a file from somebody they don't know, regardless of how they received it — whether over WhatsApp or any other app.”

Akash Dutta
Akash Dutta is a Senior Sub Editor at Gadgets 360. He is particularly interested in the social impact of technological developments and loves reading about emerging fields such as AI, metaverse, and fediverse. In his free time, he can be seen supporting his favourite football club - Chelsea, watching movies and anime, and sharing passionate opinions on food.
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.