You thought you were getting a picture of a kitten... but it was a virus? WhatsApp has patched a flaw that allowed .exe files to be disguised as harmless images. We explain why you should update Update the app now.
Meta has released an urgent patch for WhatsApp on Windows. The flaw, now fixed with an update, allowed Hackers were able to pass off .exe files as images or PDFs. A nightmare scenario where a single click on a seemingly normal photo could execute malicious code. Versions prior to 2.2450.6 were affected.
The issue stemmed from a mismatch between the MIME type (which defines the actual file format) and the filename extension. WhatsApp would display an image icon, but use the .exe extension to open it. Result: by double-clicking, the user launched a potentially dangerous program, without realizing it.
Read also – WhatsApp is testing a feature that improves the security of your chats
Social engineering, hackers' favorite weapon
To exploit this flaw, hackers had to convince the victim to open the file. A task made easier by the immense network of WhatsApp groups, where images circulate continuously. Imagine a criminal infiltrating a parent-teacher group and sharing a fake school trip photo... in reality, spyware,” illustrates cybersecurity expert Adam Pilton.
Although no cases of exploitation have been reported, the threat is being taken seriously. The flaw has received a severity score of 6.7/10. According to Meta, the complexity of the attack limits the risks, but the danger remains if the user trusts the sender.
Read also– WhatsApp improves audio and video calls with these 3 welcome new features
WhatsApp users on Windows must update the application. Version 2.2450.6 fixes the problem by aligning file processing with their MIME type. A simple step to avoid turning your PC into a malware sieve.
As a reminder, as always, be wary of files sent by strangers… and even by your loved ones, whose account could be hacked. When in doubt, it is always best to ensure the authenticity files rather than clicking on them too quickly.
0 Comments