Facebook has issued a security advisory for a flaw in WhatsApp Desktop that could allow an attacker to use cross-site scripting attacks and read the files on MacOS or Windows PCs by using a specially crafted text message. The attacker could retrieve the contents of files on the computer on the other end of a WhatsApp text message and potentially do other illicit things.
The flaw, discovered by researcher Gal Weizman at PerimeterX, is a result of a weakness in how WhatsApp’s desktop was implemented using the Electron software framework, which has had significant security issues of its own in the past.
