HomeWinBuzzer NewsWhatsApp Desktop Vulnerability Confirmed By Facebook

WhatsApp Desktop Vulnerability Confirmed By Facebook

A WhatsApp Desktop vulnerability could allow attackers to access user system files if they click on a malicious link.


Users of the WhatsApp Desktop are facing a vulnerability that could give bad actors access to local files on a PC. The vulnerability involves hackers sending specially crafted messages to fool users.

has confirmed the vulnerability (CVE-2019-18426). In an advisory, the company said the attack would need the user to click a link.

“Description: A vulnerability in WhatsApp Desktop when paired with WhatsApp for allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.

“Affected Versions: WhatsApp Desktop prior to v0.3.9309 paired with WhatsApp for iPhone versions prior to 2.20.10.”

It seems the problem is the Electron application is built on an aging web rendering engine. It is based on Chromium 69 that has the vulnerability. Of course, Chrome has since moved on an had the problem patched. However, for WhatsApp Desktop the problem remains.

Facebook says a patched version of the app is now available. For this to be available, you must have WhatsApp Desktop downloaded from the Store. Other versions of the app may still have the vulnerability.

If you want the latest version of WhatsApp Desktop, you can get it here.

Windows Phone Removal

Back in December, the WhatsApp application for Microsoft's Windows Phone was removed.

It has been inevitable as the company had not been supporting the app for some time. That means WhatsApp on Windows Phone had not been receiving updates and was not visible in the Microsoft Store. However, users with the app already installed had been able to continue using it.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News