One message is enough to compromise your computer. Watch out for this significant security vulnerability in WhatsApp
WhatsApp for Windows had a serious flaw that made it possible for hackers to take over victims' computers by sending them a message. Millions of users of the messaging app on Windows computers were at risk due to this vulnerability, which was rated as critical and required no action on their part to compromise.
TechSpot claims that an emergency patch was released in October to address the security flaw, which first surfaced in mid-2023. The Check Point research team found that the problem is with the way the app reads some messages that contain modified Unicode characters or emoji.
Attackers took advantage of flaws in the cache of the WhatsApp Windows client. Booby-trapped messages could be made by hackers using malicious emoji sequences that, when they arrived on the victim's device, would fill the memory and introduce malicious code that could be run on the system without permission.
The most terrifying aspect of this vulnerability is that the attack is initiated automatically, so you do not even need to take any action. In contrast to other scams that require you to click a link or download a file, the attacker can carry out commands on your computer, install malware, or spy on your personal information simply by sending you the message.
We have previously experienced similar problems with WhatsApp. Critics of the app's developer claim that these problems highlight structural weaknesses in Telegram's security. According to Pavel Durov, who recently succeeded in leaving France after being held there for several months, WhatsApp's closed-source code makes it challenging for outside experts to find these vulnerabilities before it is too late.
After being alerted to the problem, Meta, the company that owns WhatsApp, acted quickly to protect all users by forcing an update from its servers.
Be cautious—this major failure is not unique to WhatsApp. It was recently shown that even the most widely used platforms can have security flaws that impact millions of users when a similar problem was found in Google Chrome that also permitted remote code execution.