
[Other] Bug in WhatsApp Web could potentially affect 200 million users

2015-09-09 07:00:17


Mobile security research firm Check Point has revealed a new bug in the popular cross-platform messaging service WhatsApp. The bug, which appears to affect only WhatsApp Web, has the potential to allow ransomware and malicious applications on your device.

WhatsApp Web, as you'd know, is a browser-based interface for users to access the same messages as are present on their smartphone. About 200 million users out of the 900 million user base that WhatsApp enjoys use the browser-based service. The bug takes advantage of the way the service handles vCards and can use it as a backdoor to install malicious applications on your phone. vCards are essentially business card files containing contact information. Given the innocuous appearance of the file, users might very easily end up opening these files. Check Point has already informed WhatsApp, who are rolling out a fix right this moment. All users of the service are urged to upgrade to the latest version. It goes without saying that users should refrain from downloading files from unknown contacts, and for that matter even unknown websites on the internet, due to the dangers of ransomware that can trap your files unless you pay an extortionate amount.



Really, that's dangerous
2015-09-09 09:06:38
This post was edited by furqaan at 12:35, Sep-10-2015


A newly found vulnerability in WhatsApp Web, the Web-based interface of the popular instant messaging client, allows attackers to trick users into executing arbitrary code on their computers, a security firm reports. The vulnerability affects more than 200 million people who use WhatsApp Web. WhatsApp has since updated its Web client to patch the bug in the latest version.

The 'MaliciousCard' vulnerability can be exploited by simply sending a vCard contact card containing malicious code to a victim's account, reports security firm Check Point. Once the victim opens the alleged contact, it starts to distribute bots, ransomware, and other malware files.

Since the business contact card looks perfectly legitimate, it is impossible for a user to know if the contact is riddled with malicious code.

The security firm noted that it informed WhatsApp about the vulnerability, and the messaging service issued an update on August 21 that fixes the bug. WhatsApp Web v0.1.4481 or later is not affected by the vulnerability.

The vulnerability lies in the improper filtering of contact cards sent in the vCard format in older versions of WhatsApp. The attacker can inject a command in the name attribute of the vCard file, separated by the ampersand character. Windows would automatically try to run all lines in the code. It is not known whether Mac users are affected by the vulnerability.

WhatsApp fails to validate the vCard format and the contents of the file, the firm further noted. One could send an executable file and WhatsApp wouldn't be able to flag or block it.

WhatsApp, which is available across multiple platforms, recently announced that it reached 900 million monthly active users. WhatsApp Web, which offers several of the mobile app's functionalities including the ability to send and receive text and audio notes, is used by more than 200 million users.


Source
2015-09-10 02:30:39
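The missing validation described in the post above (vCard format not checked, command separators accepted in the name attribute) can be shown from the defender's side. This is an added example, not part of the original posts and not WhatsApp's code; the function names, the metacharacter set and the idea that a client derives a file name from the contact name are assumptions.

```javascript
// Added example. Characters that command interpreters treat as operators.
const SHELL_META = /[&|<>^`$%]/;

// Returns a list of {name, value} properties, or null if the text is not a vCard.
function parseVCard(text) {
  const lines = text.replace(/\r\n/g, "\n")
    .replace(/\n[ \t]/g, "")            // unfold continuation lines
    .split("\n").filter((l) => l.length > 0);
  const first = (lines[0] || "").toUpperCase();
  const last = (lines[lines.length - 1] || "").toUpperCase();
  if (lines.length < 3 || first !== "BEGIN:VCARD" || last !== "END:VCARD") return null;
  const props = [];
  for (const line of lines.slice(1, -1)) {
    const idx = line.indexOf(":");
    if (idx <= 0) return null;          // every content line must be NAME[;params]:value
    props.push({ name: line.slice(0, idx).split(";")[0].toUpperCase(),
                 value: line.slice(idx + 1) });
  }
  return props;
}

// Validate structure and flag name fields carrying shell metacharacters.
function inspectVCard(text) {
  const props = parseVCard(text);
  if (props === null) return { ok: false, findings: ["not a well-formed vCard"] };
  const findings = [];
  if (!props.some((p) => p.name === "VERSION")) findings.push("missing VERSION");
  const names = props.filter((p) => p.name === "FN" || p.name === "N");
  if (names.length === 0) findings.push("missing FN/N name property");
  for (const p of names) {
    if (SHELL_META.test(p.value)) findings.push(`${p.name} contains command metacharacters`);
  }
  return { ok: findings.length === 0, findings };
}

// Assumption: the client derives a download name from the contact name.
// Allow-list characters and force the extension.
function safeFileName(displayName) {
  const cleaned = displayName.replace(/[^\p{L}\p{N} ._-]/gu, "_")
    .replace(/^[ .]+|[ .]+$/g, "").slice(0, 64);
  return (cleaned || "contact") + ".vcf";
}

// Constructed samples (not taken from the report).
const GOOD = "BEGIN:VCARD\r\nVERSION:3.0\r\nFN:Alice Example\r\nN:Example;Alice;;;\r\nEND:VCARD\r\n";
const SUSPECT = "BEGIN:VCARD\r\nVERSION:3.0\r\nFN:Alice Example&PLACEHOLDER\r\nEND:VCARD\r\n";
console.log(inspectVCard(GOOD), inspectVCard(SUSPECT), safeFileName("Alice Example&PLACEHOLDER.bat"));
```

Legitimate names can contain `&`, so the metacharacter finding is a flag for review; the allow-listed file name with a forced `.vcf` extension is the control that holds either way.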
Thank you for adding source bro.
2015-09-10 03:07:06
Regards,

Sudhakar p singh
Thanks for sharing
2015-09-10 03:07:37