Millions of WhatsApp users could still be vulnerable to a flaw in the popular messaging application that allows hackers to send malicious code.
Security firm CheckPoint researcher Kasif Dekel on Wednesday revealed that he had uncovered a vulnerability which allows a cyber criminal to exploit WhatsApp Web logic and trick victims into executing malicious code.
The exploit works by compromising the WhatsApp for Web interface which allows subscribers to use a PC to engage in online chats.
Hackers send targets a “vCard” format contact card attachment which they can use to hide executable code.
Once the victim clicks what he or she believes to be a contact card, the code can run on the target computer and perform tasks assigned to it.
CheckPoint warned WhatsApp which has 900 million users about the vulnerability on August 21 and the Facebook-owned company released an update a week later.
However, users who have not updated their WhatsApp client remain vulnerable to the flaw which requires no hacking tools to execute.