Time: 2025-07-19 06:31:59 Source: compiled from the web Editor: Hot Topics
The past few months have not been good to WhatsApp users. Unfortunately, that doesn't look like it's about to change any time soon.
The Facebook-owned messaging app acknowledged and patched a major vulnerability that gave hackers the ability to access files on a victim's computer. All you had to do to fall prey to this attack was click a disguised link preview sent via the messaging app. In other words, it would have been an easy mistake for users to make.
Importantly, this did not affect every single WhatsApp user. Rather, a WhatsApp user had to have the iOS version of the messaging app paired to either a PC or MacOS WhatsApp desktop app.
"A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading," reads the Facebook bug report. "Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message."
In a Feb. 4 blog post, the security researcher who discovered and disclosed the vulnerability detailed his process and noted that WhatsApp should really get its shit together.
"It is 2020," wrote Gal Weizman, "no product should be allowing a full read from the file system and potentially a [remote code execution] from a single message."
Patrick Wardle, a security researcher at Jamf and founder of Objective-See, told Mashable over Twitter direct message that "often desktop versions of apps aren't as well audited or well written ...and thus often open to attacks."
He added that this specific bug "was likely rather trivial to exploit," but cautioned against people freaking out.
"[Still]," wrote Wardle, "a super neat bug, and had the potential to impact lots of users (I use WhatsApp desktop), so definitely happy a security researcher uncovered it and that FB patched it quickly."
We reached out to Facebook in an effort to determine how many people were vulnerable to this exploit and how many, if any, were actually affected by it. We've received no response as of press time.
Notably, WhatsApp vulnerabilities can have serious consequences. Just this past month, a security firm hired by Amazon CEO Jeff Bezos claimed in a report that the CEO's phone may have been hacked following the receipt of a malicious WhatsApp message. And while Bezos will be fine, people with less power and resources who fall victim to similar attacks may not fare as well.
Facebook is aware of this, but suggests at least some of the blame should lie elsewhere. Following the news of Bezos' hacked phone, the company's vice president of Europe, the Middle East and Africa, Nicola Mendelsohn, suggested to Bloomberg that Apple is the real problem here.
"One of the things that it highlights is actually some of the potential underlying vulnerabilities that exist on the actual operating systems on phones," Mendelsohn told the publication. "From a WhatsApp perspective, from a Facebook perspective, the thing that we care about the most, the thing that we invest in is making sure that the information that people have with us is safe and secure."
Which, yeah, great. Making sure WhatsApp information is "safe and secure" sounds great, but perhaps that should include not allowing malicious texts that let hackers access victims' computers? Sounds like a good place to start.
Or, if that's too much, maybe Facebook should start recommending Signal.
UPDATE: Feb. 5, 2020, 2:02 p.m. PST: This story has been updated with comment from Patrick Wardle.