WhatsApp bug could let strangers see your personal files

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

A potentially disastrous security flaw has been found in WhatsApp, which allowed strangers to see a person's personal files.

The exploit would have let someone see the information on a person's computer if they sent them a malicious link, security researchers said.

The bug has since been fixed and is not thought to have been exploited.

If someone was attacked by the bug, they would receive a link that may look legitimate, including the small preview that shows when someone sends a link on WhatsApp.

But clicking it would have allowed the attacker to exploit a weakness in WhatsApp's Content Security Policy, which allowed users to send manipulated, malicious messages.

Once that happened, an attacker would have been able to gain access to the files stored on the person's computer.

The issue affected people who use the desktop version of WhatsApp, which borrows from the mobile version of the app.

The bug has been fixed in recent updates, and users have been warned to make sure that everything they are using to chat on WhatsApp – the phone app, as well as the one being used on the desktop – should be updated to avoid any issues.

“We regularly work with leading security researchers to stay ahead of potential threats to our users," a WhatsApp spokesperson said. "In this case, we fixed an issue that in theory could have impacted iPhone users that clicked on a malicious link while using WhatsApp on their desktop.

"The bug was promptly fixed and has been applied since mid December.”