2 mo. ago • 97%

WhatsApp for Windows lets Python, PHP scripts execute with no warning

www.bleepingcomputer.com WhatsApp for Windows lets Python, PHP scripts execute with no warning

A security issue in the latest version of WhatsApp for Windows allows sending Python and PHP attachments that are executed without any warning when the recipient opens them.

Pulse of Truth @infosec.pub WhatsApp for Windows lets Python, PHP scripts execute with no warning

5 comments

I mean... You have to explicitly hit "open", and it requires you to do so? This is like saying email has a vulnerability because it lets* me open files sent there?

I get what they are after, but this is a stretch.

15
- I guess preferably they'd just be saved and/or opened in a text editor, rather than ran on your computer
  
  3
  
  Starts getting into demarcation land at that point, because the OS defines what files are opened in which program. Just saving makes sense as a compromise though!
  
  3
Haha jokes on them, it won't even let me install their apps on Windows

6