时间:2025-04-26 20:32:13 来源:网络整理编辑:熱點
The past few months have not been good to WhatsApp users. Unfortunately, that doesn't look like it's
The past few months have not been good to WhatsApp users. Unfortunately, that doesn't look like it's about to change any time soon.
The Facebook-owned messaging app acknowledged and patched a major vulnerability that gave hackers the ability to access files on a victim's computer. All you had to do to fall prey to this attack was click a disguised link preview sent via the messaging app. In other words, it would have been an easy mistake for users to make.
Importantly, this did not affect every single WhatsApp user. Rather, a WhatsApp user had to have the iOS version of the messaging app paired to either a PC or MacOS WhatsApp desktop app.
"A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading," reads the Facebook bug report. "Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message."
In a Feb. 4 blog post, the security researcher who discovered and disclosed the vulnerability detailed his process and noted that WhatsApp should really get its shit together.
"It is 2020," wrote Gal Weizman, "no product should be allowing a full read from the file system and potentially a [remote code execution] from a single message."
Patrick Wardle, a security researcher at Jamf and founder of Objective-See, told Mashable over Twitter direct message that "often desktop versions of apps aren't as well audited or well written ...and thus often open to attacks."
He added that this specific specific bug "was likely rather trivial to exploit," but cautioned against people freaking out.
"[Still]," wrote Wardle, "a super neat bug, and had the potential to impact lots of users (I use WhatsApp desktop), so definitely happy a security researcher uncovered it and that FB patched it quickly."
We reached out to Facebook in an effort to determine how many people were vulnerable to this exploit and how many, if any, were actually affectedby it. We've received no response as of press time.
Notably, WhatsApp vulnerabilities can have serious consequences. Just this past month, a security firm hired by Amazon CEO Jeff Bezos claimed in a report that the CEO's phone may have been hacked following the receipt of a malicious WhatsApp message. And while Bezos will be fine, people with less power and resources who fall victim to similar attacks may not fare as well.
Facebook is aware of this, but suggests at least some of the blame should lie elsewhere. Following the news of Bezos' hacked phone, the company's vice president of Europe, the Middle East and Africa, Nicola Mendelsohn, suggested to Bloombergthat Apple is the real problem here.
"One of the things that it highlights is actually some of the potential underlying vulnerabilities that exist on the actual operating systems on phones," Mendelsohn told the publication. "From a WhatsApp perspective, from a Facebook perspective, the thing that we care about the most, the thing that we invest in is making sure that the information that people have with us is safe and secure."
SEE ALSO: Mic on Bezos' hacked phone possibly compromised for months
Which, yeah, great. Making sure WhatsApp information is "safe and secure" sounds great, but perhaps that should include not allowing malicious texts that let hackers access victims' computers? Sounds like a good place to start.
Or, if that's too much, maybe Facebook should start recommending Signal.
UPDATE: Feb. 5, 2020, 2:02 p.m. PST:This story has been updated with comment from Patrick Wardle.
TopicsCybersecurityFacebookWhatsApp
This app is giving streaming TV news a second try2025-04-26 20:31
《寄生》首播,殺豬盤開局,質感拉滿 ,奈何後續乏力 ,爛劇無疑2025-04-26 20:28
那英王菲春晚彩排臨陣換歌 將改唱《歲月》2025-04-26 20:28
周秀娜提名金像獎最佳女主角 用演技證明自己的實力2025-04-26 20:09
Samsung Galaxy Note7 teardown reveals the magic behind the phone's iris scanner2025-04-26 19:59
超模李振時尚全能發力 “綁架”攝影師任性出逃2025-04-26 19:56
《寄生》首播,殺豬盤開局,質感拉滿 ,奈何後續乏力,爛劇無疑2025-04-26 19:53
天貓超級品類日打造任性地鐵營銷 魔性論證懶人有理2025-04-26 19:43
Old lady swatting at a cat ends up in Photoshop battle2025-04-26 18:09
小八卦 ,趙露思,趙今麥 ,劉亦菲 ,蔣依依2025-04-26 17:59
This coloring book is here for all your relationship goals2025-04-26 20:27
玄俠劇《水龍吟》陣容官宣 ,華彩匠心塑造東方武俠世界2025-04-26 20:22
總局提出節目嘉賓標準:格調低紋身嘻哈文化不用2025-04-26 20:10
張傑暈倒風波後繼續完成剩餘工作 曬自拍狀態不錯2025-04-26 19:48
Olympian celebrates by ordering an intimidating amount of McDonald's2025-04-26 19:35
網曝《重中之重》定檔央一 ,楊爍侯勇主演 ,編劇導演是雙向質保2025-04-26 19:31
李小冉帶病拍戲忙 羽絨服成亮點2025-04-26 19:21
虞城縣蘋果大麵積滯銷,天佑幫農民賣蘋果過好年2025-04-26 19:21
Two astronauts just installed a new parking spot on the International Space Station2025-04-26 18:50
劉昊然“製霸”QQ看點 ,原來現在的年輕人喜歡這樣 !2025-04-26 17:53