The Indian Computer Emergency Response Team (CERT-In), the national cybersecurity agency under the Ministry of Electronics and Information Technology, has issued a high-severity security advisory for users of WhatsApp Desktop on Windows in India. The warning highlights a critical vulnerability that could be exploited by hackers to compromise the security of affected systems.
The department has discovered a critical vulnerability that could allow attackers to execute arbitrary code or carry out spoofing attacks, potentially compromising both user data and overall system security. The catch is to keep your device updated.
What the Vulnerability Entails
According to CERT-In, the identified vulnerability exists in WhatsApp Desktop versions 2.2450.6 and older ones. A remote attacker could exploit this vulnerability by sending specially crafted messages or codes, which could lead to unauthorised access to files or even system control, said CERT-In.
This security flaw, if exploited, could allow remote attackers to do the following things:
-
Execute arbitrary code on the victim’s system, potentially gaining full control.
-
Launch spoofing attacks, deceiving users by impersonating trusted entities or manipulating the app’s interface.
-
Gain unauthorised access to sensitive data stored on the device.
-
Possibly install malware or carry out surveillance without the user’s knowledge.
This means that simply having an outdated version of WhatsApp Desktop installed on your system may be enough for attackers to infiltrate and take control of your device.
The vulnerability stems from a MIME-type misalignment in file attachments, which allows a malicious file to appear harmless. When opened, this file can execute malicious code on the victim’s system, leading to potential compromise. So think before you click.
Who is at Risk
Any user running WhatsApp Desktop on Windows with version 2.2450.6 or older ones is considered at high risk. If left unpatched, this vulnerability can be exploited without any user interaction in certain scenarios, making it particularly dangerous.
Potential Consequences of the Attack
If a cyber attacker successfully exploits this flaw, they could do the following things.
-
Steal personal and financial information stored on the device.
-
Hijack active communication sessions or any message.
-
Plant malicious software to monitor activity or further compromise the system.
-
Spread the attack laterally across other systems in a shared network environment.
What Users Should Do
CERT-In strongly advises all users to the following things:
-
Update WhatsApp Desktop immediately to the latest available version via the official WhatsApp website or the Microsoft Store.
-
Avoid clicking on suspicious links or downloading unknown files, especially if sent via WhatsApp or email.
-
Enable automatic updates for applications to ensure security patches are installed promptly.
-
Use reliable antivirus and endpoint protection software to detect and prevent exploit attempts.
-
Keeping software up to date is one of the most effective ways to protect against known vulnerabilities and reduce the risk of cyberattacks.
Meanwhile, Meta has also reportedly patched the vulnerability in the recent release of WhatsApp Desktop. Users need to enable automatic updates to prevent future harm.
Stay updated, stay informed and keep your device safe.