The Windows client for the widely used instant messaging platform WhatsApp had a notable security flaw. However, Meta, the owner of WhatsApp, doesn't see it as their responsibility to fix it. Instead, they believe it's up to you to be cautious and avoid getting infected. The good news is that the risk of this flaw affecting you is quite low, so you should be safe.
A security flaw was discovered
Security researcher Saumyajeet Das examined WhatsApp for Windows to identify which file types the client can run natively. Most risky file types, such as .EXE, .COM, .SCR., or .BAT were blocked and can only be run if first saved to the computer's hard drive. However, there are a few that the client runs directly – .PYZ (Python ZIP app), .PYZW (PyInstaller programme), and .EVTX (Windows event Log file).
This means that if you click “Open” on any of these files in WhatsApp, they will execute immediately, including any malicious code. But there's a catch—for this to happen, you need to install Python on your computer, which few people do.
Limited impact
According to BleepingComputer, the requirement to have Python installed limits the targets for software developers, researchers, and power users. Das reported the issue to Meta in early June 2024 and received a response a month and a half later. Meta acknowledged the problem but indicated it had been reported before and stated they wouldn't address it.
In a statement to BleepingComputer, Meta explained that it's the user's responsibility to avoid opening malicious files. “We've read what the researcher has proposed and appreciate their submission. Malware can take many forms, including through downloadable files meant to trick a user,” the statement reads. “It's why we warn users to never click on or open a file from somebody they don't know, regardless of how they received it—whether over WhatsApp or any other app.”
User responsibility
Meta's stance is clear: users must stay vigilant and avoid opening files from unknown sources. This advice is essential for maintaining digital safety on WhatsApp and across all platforms and applications. Always be cautious with the files you download and open, and ensure you have the necessary security measures to protect your system.
The flaw in WhatsApp for Windows serves as a reminder of the importance of digital hygiene and being aware of the files you interact with online. While Meta might not fix this issue, staying informed and cautious can help you avoid potential threats and secure your computer.
