WhatsApp for Windows “Vulnerability” Allows Unrestricted Execution of Python and PHP Script

WhatsApp for Windows “Vulnerability” Allows Unrestricted Execution of Python and PHP Script

A recent vulnerability in the latest version of WhatsApp for Windows has raised significant security concerns. This flaw allows attackers to send Python and PHP attachments that are executed automatically when the recipient opens them, without any warning or prompt.

For this attack to be effective, Python must be installed on the recipient’s system. Consequently, the vulnerability may primarily affect software developers, researchers, and power users who have Python installed.

This issue mirrors a similar vulnerability in Telegram for Windows reported in April, where attackers could bypass security warnings and execute remote code by sending a Python .pyzw file through the messaging client. Telegram initially downplayed the issue but eventually addressed it.

While WhatsApp currently blocks various file types considered risky, the company has indicated to BleepingComputer that it does not plan to include Python scripts in its list of restricted file types.

The vulnerability was discovered by security researcher Saumyajeet Das, who was experimenting with different file types to see which ones WhatsApp would accept.

Linkdin post of security researcher

In response to the discovery, Bleeping Computer asked WhatsApp and they replied with :

We’ve reviewed the researcher’s findings and appreciate their contribution. Malware can take many forms, including through files intended to deceive users. That’s why we advise users to avoid clicking on or opening files from unknown sources, regardless of the platform — whether WhatsApp or another app.

The Tptimes.org team investigated the issue on WhatsApp version 2.2429.100 and found that .pyz (Python ZIP files), .pyzw (PyInstaller programs), .evtx (Windows Event Log files), and PHP files remain vulnerable.

Meta, WhatsApp’s parent company, has not yet acted decisively on this issue. While Python is not commonly used by the general public, the vulnerability poses a risk to security researchers, developers, and power users. Blocking these file types could mitigate risks from cybercriminals and scammers, enhancing overall security for WhatsApp users

Leave a Reply

Your email address will not be published. Required fields are marked *