A security issue in the latest version of WhatsApp for Windows allows sending Python and PHP attachments that are executed without any warning when the recipient opens them.
  • brvslvrnstEnglish
    152 months ago

    I mean… You have to explicitly hit “open”, and it requires you to do so? This is like saying email has a vulnerability because it lets* me open files sent there?

    I get what they are after, but this is a stretch.

    • Pissipissini Johnson 🩵! :DEnglish
      32 months ago

      I guess preferably they’d just be saved and/or opened in a text editor, rather than ran on your computer

      • brvslvrnstEnglish
        32 months ago

        Starts getting into demarcation land at that point, because the OS defines what files are opened in which program. Just saving makes sense as a compromise though!

        • Pissipissini Johnson 🩵! :DEnglish
          32 months ago

          Right, but they could define a special behaviour so it doesn’t immediately run a script you click on. It is kinda your fault if you get got by this, but it would be a bit more secure with mitigations in place.