WhatsApp Web client and Mobile App affected by privacy issues

The 17-year-old security researcher Indrajeet Bhuyan discovered two security flaws in the newly launched WhatsApp Web client that threaten user privacy.

Just a week after the presentation of WhatsApp Web, the desktop version of the popular mobile messaging application WhatsApp, 17-year-old security researcher Indrajeet Bhuyan discovered two security flaws in it. Bhuyan is already known to the IT security community because he discovered a critical vulnerability in the mobile version of WhatsApp that an attacker could exploit to remotely crash WhatsApp by sending a specially crafted message of just 2kb in size, also causing the loss of conversations.

The new bugs in the WhatsApp Web client reported by Indrajeet Bhuyan could expose users’ information. The first bug, dubbed by the researcher ‘WhatsApp photo privacy bug’, allows anyone to view a user’s profile image even if the attacker is not in the contact list of the targeted user and even though the victim has set the profile image privacy setting to “Contacts Only”.

The second bug, dubbed ‘WhatsApp Web Photo Sync Bug’, affects the WhatsApp Web photo syncing functionality. The security expert noticed that whenever a user deletes an image that was received by a user of the mobile version of WhatsApp, the picture appears blurred and cannot be viewed.

If the same image has already been deleted by the user from the mobile version of WhatsApp, it is still accessible through the WhatsApp Web client; evidently the WhatsApp mobile app and the WhatsApp Web client are not correctly synchronized.

It’s quite normal that a newborn application like WhatsApp Web is affected by flaws and I have no doubts that WhatsApp will fix it as soon as possible.

Pierluigi Paganini

(Security Affairs – WhatsApp Web, messaging)