WhatsApp: One-Click High-Risk Security Warning Posed To iPhone Users Worldwide
If you are an iPhone user, do you use WhatsApp on your device? Or have you recently updated the app? Well, here’s to praying that your answer isn’t yes and no. Last February 1, the popular iPhone app, WhatsApp stopped operating for users who have iPhones powered by Apple iOS or earlier, this despite the new Apple apps like the Apple maps. This might be a blessing in disguise after confirming that there’s a potentially dangerous security threat to iPhone utilizing WhatsApp fans.
WhatsApp and iPhone have appeared together in the headlines once again, and it’s not good news. Using one WhatsApp message, both are considered as the culprit behind the alleged hacking of the iPhone of Jeff Bezos. It’s no longer surprising that the messenger app is involved in yet another scandalous issue because it always had its own security troubles. In fact, it had been facing bad rep ever since last year; starting from the “Reverse Engineering WhatsApp Encryption for Chat Manipulation and More,” report.
Latest ‘one-click attack’ risk for users of iPhone
Gal Weizman, a researcher at PerimeterX, identified that there were several security flaws in WhatsApp that can have possible affects to users of iPhone. Given that this researcher is an expert in JavaScript, one can easily tell that these flaws had JavaScript as their foundation. The flaws, generally referred to as CVE-2019-18426, are characterized as using WhatsApp Desktop versions and they enable local file reading and cross-site scripting. If you fear the part where local file reading is allowed, then maybe you need to sit down before you start researching about the cross-site scripting threat. These flaws will expose users to risks by giving access to easily tamper links and text contents in website previews using incorrect content and edited links that lead to malicious sites.
Malicious attack
These are just the beginning, and the worse is yet to come. In order for the flaws to be activated, the attacker has to deliver a maliciously created text message and the user has to click it. By just a single or one-click, you are done. WhatsApp already said that their active monthly users have reached 1.5 billion but the number of users who are utilizing the app using an iPhone is not yet identified. Due to this flaw, as extremely simple and threatening as it is, only users with older iPhone app that is connected to an older desktop app can exploit it. Unfortunately, the starting point is too big, talking about hundreds of thousands going to millions of users.
Knowing that this flaw exists in such popular messaging app is totally a cause for concern. This flaw has the ability to edit message contents, which is a great threat to cybersecurity perspective, as well as fake news perspective. As of the present, the mitigation solution provided to WhatsApp users who are still willing to continue utilizing the app on older models of iPhones is to update the operating system as much as possible. That is the least thing they can do, for now.