Whatsapp plugs bug allowing RCE with spoofed filenames
Whatsapp makes for a popular attack vector
Whatsapp has been frequently targeted in the past for its popularity as an encrypted chatting platform. With over 10 billion downloads on Google Play Store alone, the platform makes for a lucrative target for threat actors.
A similar security oversight was reported in July 2024 to be affecting the Whatsapp Windows client, allowing execution of arbitrary Python and PHP scripts on vulnerable systems with suitable coding environments installed.
Commenting on the exploitability of “attachments” related flaws in popular software, Nico Chiaraviglio, chief scientist at Zimperium said, “Attachments remain one of the most common vectors for delivering malicious content. While this specific case involves WhatsApp for Windows, mobile platforms are not exempt.