Connect with us

Tech News

WhatsApp Allows Python, PHP Script Execution on Windows

Published

on

Latest Hacking News

WhatsApp for Windows does not block Python or PHP script execution on Windows systems, posing a potential security risk to users.

WhatsApp Allows Script Execution on Windows Devices Without Warnings

Researchers have discovered a concerning security issue with Meta’s WhatsApp chat platform. According to Saumyajeet Das, WhatsApp for Windows does not issue security warnings when downloading Python files from chats, opening the door for malicious scripts to be sent to unsuspecting users.

While WhatsApp typically blocks certain file types and displays warnings to prevent security threats, it fails to do so for .PYZ, .PYZW, and .EVTX file types.

Bleeping Computer investigated the matter and confirmed the findings, noting similar leniency towards PHP scripts in a video demonstration.

Meta Does Not Recognize the Issue as a Security Flaw

After responsibly disclosing the vulnerability to Meta, Das received a response stating that the behavior is not considered a security flaw by the company. Meta relies on user caution and their existing alert system to mitigate risks.

Meta’s statement emphasized caution when interacting with files from unknown sources, regardless of the platform used.

Despite Meta’s stance, the potential for malicious exploitation following a WhatsApp account compromise remains a concern. Users should exercise caution, especially when dealing with Python and PHP files on Windows.

Share your thoughts in the comments below.

See also  WhatsApp Will Make it Easier to See When Someone is Typing

Trending