Terrifying bug in WhatsApp allows hackers to steal files. So get patching all nine of you using it on the desktop

A vulnerability in WhatsApp could be exploited to remotely access a victim's files on their computer – if they use the desktop client paired with the iPhone app. A patch has been issued and should be installed. Bug-hunter Gal Weizman, from security shop PerimeterX, discovered and reported CVE-2019-18426, a cross-site scripting …

  1. robidy

    Are Facebook finding or creating these bugs... there seem to be a lot since Zuck and co started the assimilation into Facebook...

  2. Anonymous Coward

    The desktop app is very convenient.

    It's irritating they don't have one for FB Messenger and seem to intentionally break third party clients.

    1. John Robson Silver badge

      No “seem to” at all, it is intentional.

      Used to be that I could run a multi protocol chat app and have hangouts, messenger, ICQ and more all in the one place...

    2. Dapprman

      If it's Windows 10 then there is a messenger app - works well with one exception - if you've got Facebook open in a browser it recognises when messages are read from the app, but still alerts in the browser to new/updated conversations.

  3. mark l 2 Silver badge

    I didn't even know there was a desktop version of WhatsApp. But you can just use the online version in whatever browser you want and get a big screen desktop version of WhatsApp, without the out-of-date Chromium build. That allows you to view, reply to and send messages. What does the desktop version offer extra on top of that?

    1. Russ Tarbox

      A few handy things :)

      On my Mac:

      Icon in the dock with badges

      Notifications separate to that of the browser

      Different alert sounds

      One less tab in my browser (every little helps!)

  4. TrumpSlurp the Troll

    Web version

    I use the Web version.

    I do occasionally see prompts about a Windows version but nothing that has led me to a download link.

  5. Pascal Monett Silver badge

    And here we go again

    "JavaScript code stashed in a maliciously crafted banner can bypass protection mechanisms and access the local file system of the target"

    JavaScript is a plague. It breaks URL links because companies want their precious pages to be just exactly so and display things through JS rather than a proper URL in the first place. It brings malware and hijacks the platform. It should be banned.

    Thank God for NoScript.

    1. Mike 137 Silver badge

      Re: And here we go again

      Thank you very much Pascal. The intelligent should get together and shout this aloud. The situation's got so silly that the UK cyber security authority has turned its entire web site into a js app. You can't even see the landing page unless scripting is enabled. And they're supposed to be the experts in infosec.

  6. Muscleguy Silver badge

    I'm Spartacus

    I use both, Android and MacOS desktop. I use the desktop version since it's faster and easier to type using a full keyboard and if I want to send some stuff it's also easier. Obviously if I want to send a picture I take it on the phone and send it on the phone, but for other stuff it's easier to use the desktop. Horses for courses.

    The desktop version won't work unless my phone is on and running WhatsApp and is on me or close to the laptop.

  7. big_D Silver badge


    Is a bloated pile of junk that shouldn't be let near a computer.

    There, FTFY.

    1. carl0s

      Re: Electron

      I think it's more down to what you do with it.

      Microsoft Teams is utter shite, Discord appears to be excellent.

      VS Code is also pretty excellent.

      1. big_D Silver badge

        Re: Electron

        VSCode is not bad, but it uses over 20 times as much memory as a "real" code editor.

        Notepad++ uses 13.2MB, Visual Studio Code 268MB, both with the same files open. That is one hell of an overhead!

        1. carl0s

          Re: Electron

          To be fair, my standard editor is sublime text. I use vscode with platformio for embedded stuff, when I last did any of that anyway, and I use it with Quasar framework for Vue JS stuff. I use sublime as my everyday editor and for Django stuff.

          Funny you should mention VS code memory usage, because when I tried to use it with Django, its intellisense stuff just got in an endless loop digging through the python libraries and used all my 16 gigs of ram, then started swapping out all over my SSD.

  8. Alan Sharkey

    I use the desktop one on Windows. It seems to have automatically updated me to version 0.4.315 - way beyond the one that fixed this issue.


  9. Claptrap314 Silver badge

    OWASP #1

    At least some years: "use of insecure library".

  10. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921

    Will Zuckerberg's Libra have a God Mode?

  11. Reginald Onway

    Optional option:

    D E L E T E !

    It IS FB you know.

