The Indian Computer Emergency Response Team (CERT-In), which is part of the Ministry of Electronics and Information Technology under the Government of India, has issued a high-level security advisory on a vulnerability discovered in WhatsApp Desktop for Windows.
The alert warns that a flaw in WhatsApp Desktop could let attackers execute code or spoof the system, putting user security at risk.
Affected Versions of WhatsApp Desktop
CERT-In has said that a vulnerability exists in WhatsApp Desktop for Windows versions earlier than 2.2450.6, which is caused by a misconfiguration between the MIME type and file extension. This flaw could be exploited by attackers sending a specially crafted attachment, which can can lead to arbitrary code execution of the app when the user clicks the malicious file.
As the file may be delivered remotely, users should exercise caution when opening attachments from unidentified or unreliable sources, CERT-In said.
Risk Assessment
The vulnerability has been classified as high severity by CERT-In due to the risk it poses to users.
According to CERT-In, attackers might use it to execute arbitrary code, obtain unauthorised access, or launch spoofing attacks on the targeted system.
This is a serious concern to WhatsApp Desktop for Windows users.
The warning has been issued mainly focused towards end users depending on WhatsApp for Desktop, stressing the need to take prompt measures to prevent system intrusion or data hacking.
Steps To Protect Your System
To protect against this vulnerability. CERT-In recommends all WhatsApp Desktop users immediately update to version 2.2450.6 or higher.
Users should be cautious when opening attachments from unknown or dubious sources. By taking these precautions, the chance of a system breach will be reduced. Users are also encouraged to install trustworthy antivirus software and routinely check their devices for harmful files.
WhatsApp, owned by Meta, is widely used for communication on mobile and desktop platforms, using end-to-end encryption for privacy. Security updates must be applied as soon as possible as they are an essential element of millions of people's everyday communication. Breach of the security system or other vulnerability can expose users to risks of data theft, illegal access, and cybercriminals taking control of their system.
