
WhatsApp Vulnerability Allows Python, PHP Script Execution

A security flaw in WhatsApp for Windows allows Python and PHP scripts to execute without warning when opened by recipients. This vulnerability, affecting users with Python installed on their systems, could pose a risk to software developers, researchers, and power users.

The flaw enables the execution of Python (.PYZ, .PYZW) and PHP (.PHP) scripts directly within the WhatsApp client, bypassing any security prompts. Users who click "Open" on these file types will inadvertently execute the scripts, potentially exposing their systems to malicious code. The issue was discovered by IT security expert Saumyajeet Das, who found that these file types are not blocked by WhatsApp's current security measures.

This vulnerability is reminiscent of a similar issue that affected Telegram for Windows in April this year, where attackers could bypass security warnings and execute remote code by sending Python scripts. Telegram addressed the issue after it was reported, but WhatsApp has not taken similar action.

WhatsApp for Windows does block several high-risk file types, such as .EXE, .COM, .SCR, .BAT, .DLL, .HTA, and .VBS, requiring these files to be saved to disk before execution. However, Python and PHP scripts are not included in this blocklist, allowing them to be executed directly from the application.

Meta, the parent company of WhatsApp, was informed of the vulnerability on June 3. Despite acknowledging the issue on July 15, Meta has not implemented a fix. In a statement to BleepingComputer, Meta indicated that they consider it the users' responsibility to avoid opening unknown files.

"We've read what the researcher has proposed and appreciate their submission. Malware can take many different forms, including through downloadable files meant to trick a user," said a Meta spokesperson. "It's why we warn users to never click on or open a file from somebody they don't know, regardless of how they received it — whether over WhatsApp or any other app."

The vulnerability's impact could be substantial, particularly if malicious attachments are posted in public or private WhatsApp chat groups, potentially affecting multiple recipients. Das expressed concern about the risk of malicious code transfer in such scenarios and suggested that Meta could mitigate the issue by adding .PYZ and .PYZW to their blocklist.

As of the latest reports, the vulnerability remains unaddressed in the current version of WhatsApp for Windows. Users are advised to exercise caution and avoid opening files from unknown sources to protect their systems from potential threats.
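The blocklist gap described above can be modelled as an attachment-policy check. This is an added example, not WhatsApp's code: the function names, the sample filenames, and the "extended" list (the article's blocklist plus the three extensions it reports as unblocked) are assumptions made for illustration.

```python
import ntpath

# Extensions the article says WhatsApp for Windows blocks from direct open.
PAGE_BLOCKLIST = {".exe", ".com", ".scr", ".bat", ".dll", ".hta", ".vbs"}
# Extensions the article reports as opening without a prompt.
REPORTED_GAP = {".pyz", ".pyzw", ".php"}


def effective_extension(filename):
    """Return the extension Windows would act on, lower-cased.

    Win32 path handling drops trailing dots and spaces, and extension
    matching is case-insensitive, so normalize before comparing.
    """
    name = ntpath.basename(filename).rstrip(". ")
    return ntpath.splitext(name)[1].lower()


def decide(filename, blocklist):
    """Return 'save-only' if the extension is blocklisted, else 'open'."""
    if effective_extension(filename) in blocklist:
        return "save-only"
    return "open"


def audit(filenames, blocklist):
    """List names a blocklist still lets open directly although their
    extension is one the article reports as executing without a prompt."""
    return [f for f in filenames
            if decide(f, blocklist) == "open"
            and effective_extension(f) in REPORTED_GAP]


# Constructed sample attachment names (hypothetical, not from the article).
SAMPLES = ["setup.exe", "report.pdf", "tool.pyz", "Viewer.PYZW",
           "index.php", "notes.pyz. ", "photo.jpg.vbs"]

if __name__ == "__main__":
    extended = PAGE_BLOCKLIST | REPORTED_GAP
    for label, blocklist in (("current", PAGE_BLOCKLIST),
                             ("extended", extended)):
        print(label, "->", audit(SAMPLES, blocklist))
```

A mail or chat gateway can apply the same normalization before its own extension policy, so that case changes and trailing dots or spaces do not slip past the list.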


