Technology News
English Edition
  • Home
  • Apps
  • Apps News
  • WhatsApp for Windows Security Flaw Allows Executing Python, PHP Files Without Warning: Report

WhatsApp for Windows Security Flaw Allows Executing Python, PHP Files Without Warning: Report

WhatsApp was reportedly highlighted about the issue but the company did not see it as an issue at their end.

Written by Akash Dutta, Edited by Siddharth Suvarna | Updated: 31 July 2024 14:29 IST
WhatsApp for Windows Security Flaw Allows Executing Python, PHP Files Without Warning: Report

Photo Credit: Reuters

For an attack using Python or PHP files to be successful, a user must have Python installed

Highlights
  • Security researcher Saumyajeet Das from Zeron found this vulnerability
  • WhatsApp is said to not block .PYZ, .PYZW, and .EVTX files from launching
  • WhatsApp reportedly dismissed the researcher’s report
Advertisement

WhatsApp for Windows reportedly has a vulnerability that can be exploited by bad actors. The security flaw exploits executable files of Python and PHP for which the app does not send a warning, claimed the report. As a result, an unsuspecting user might accidentally save and run the file, allowing the attacker to deploy the payload. WhatsApp reportedly has refused to take any action citing the problem is not at their end, and that it already warns users to not download files from unknown senders.

WhatsApp for Windows Reportedly Has a Security Flaw

According to a report by Bleeping Computer, the vulnerability was found in the latest version of the WhatsApp for Windows app. It is said to allow users to send Python and PHP attachments in executable format. The files, when being downloaded at the recipient's end, does not result in a warning notification from the instant messaging platform.

The security flaw was discovered by cybersecurity firm Zeron's security researcher Saumyajeet Das. As per the report, WhatsApp in most cases does not allow launching potentially harmful files such as .EXE. While the user may see options of Open or Save As, clicking on Open generates an error. The user may still save the file on the device and launch it, but the warning acts as a reminder of the malicious nature of the file. This behaviour is said to be consistent for file formats such as .EXE, .COM, .SCR, .BAT, and Perl.

However, the researcher reportedly found that three file types — .PYZ (Python ZIP app), .PYZW (PyInstaller program), and .EVTX (Windows event Log file) — did not trigger the error warning and users can open the file and launch them directly from within the app. Further, the publication found the same exception existed for PHP files.

Notably, an attack conducted using these file types will not be successful unless the user has Python installed in their system. This reduces vulnerable users to software developers, researchers, and others who code on their system.

The publication claims that Das reported the issue via Meta's bug bounty programme on June 3. But on July 15, the company replied that the same issue was previously reported by another researcher. The issue is still not fixed, as per the report, and it was said to be present in the latest WhatsApp for Windows 11 version v2.2428.10.0.

A WhatsApp spokesperson told the publication, “We've read what the researcher has proposed and appreciate their submission. Malware can take many different forms, including through downloadable files meant to trick a user. It's why we warn users to never click on or open a file from somebody they don't know, regardless of how they received it — whether over WhatsApp or any other app.”

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: WhatsApp, Cybersecurity, App
Akash Dutta
Akash Dutta
Akash Dutta is a Senior Sub Editor at Gadgets 360. He is particularly interested in the social impact of technological developments and loves reading about emerging fields such as AI, metaverse, and fediverse. In his free time, he can be seen supporting his favourite football club - Chelsea, watching movies and anime, and sharing passionate opinions on food. More
Google Pixel Watch 3 Leaked Promo Images Hint at New Features, Specifications of Two Upcoming Variants

Related Stories

WhatsApp for Windows Security Flaw Allows Executing Python, PHP Files Without Warning: Report
Comment
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News
 
 

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Honor 200 Pro Review: Honourable yet Expensive Camera Phone
#Latest Stories
  1. Ancient Roman Silver Coins Unearthed in the Mediterranean, Said to Be Hidden During Pirate Raids
  2. Great White Sharks Gather at a Mysterious Spot in the Pacific Ocean Called White Shark Café
  3. Placebo Effect Link Discovered With Previously Unassociated Parts of the Brain
  4. Infant Mortality Rate and Decline of Bat Population Might Have a Strange Correlation, Study Claims
  5. Aurora Season in September 2024 Could Bring Vibrant Northern Lights Due to Earth's Tilt
  6. Groundbreaking Thorium-229 Nuclear Clock May Reveal Changes in Fundamental Constants
  7. China Aims to Launch Tianwen-3 Mars Sample-Return Mission in 2028, Surpassing US in Space Race
  8. Scientists Make Mouse Skin Transparent Using Food Dye, Here's Everything You Need to Know
  9. SpaceX Falcon 9 Successfully Launches NROL-113 Mission, Deploying Spy Satellites for US
  10. Scientists Test Nanorobots to Treat Brain Aneurysms
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »