The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, has issued a high-severity security alert for users of WhatsApp Desktop on Windows. The advisory highlights a critical vulnerability that could allow attackers to execute arbitrary code on affected systems, potentially leading to unauthorised access or data theft.

Details of the Vulnerability

The vulnerability stems from a misconfiguration between MIME types and file extensions in WhatsApp Desktop versions prior to 2.2450.6. This flaw could enable attackers to disguise malicious files as legitimate attachments. When such a file is opened manually within WhatsApp Desktop, it could trigger the execution of harmful code on the victim’s machine. 

CERT-In’s advisory emphasises the risk of spoofing attacks and unauthorised data access resulting from this vulnerability. Users who have not updated their WhatsApp Desktop application to version 2.2450.6 or later are particularly at risk. 

Affected Users

The security flaw affects users operating WhatsApp Desktop on Windows systems with versions earlier than 2.2450.6. Given WhatsApp’s extensive user base in India, with over 400 million users, the potential impact is significant. 

Recommended Actions

To mitigate the risk associated with this vulnerability, CERT-In recommends the following steps:

• Update WhatsApp Desktop: Ensure that your application is updated to version 2.2450.6 or later.
  
• Exercise Caution with Attachments: Avoid opening attachments from unknown or untrusted sources, especially those with suspicious file names or extensions.
  
• Maintain System Security: Keep your operating system and antivirus software updated to reduce exposure to threats.

Coverage by Major Publications

This security alert has been widely reported across various reputable news outlets:

• The Times of India: “Government has a warning for these WhatsApp users: What is it and how you can stay safe.“
  
• Business Standard: “WhatsApp users on Windows PCs advised caution following Cert-In warning.“
• India.com: “Attention WhatsApp users! Govt flags security flaws, issues alert.“
• The Economic Times: “CERT-In flags security flaw in WhatsApp Desktop version.“
• Forbes: “New WhatsApp Warning—Update Now To Fix Security Flaw.“
• Deccan Herald: “CERT-In flags security vulnerability in WhatsApp Messenger app.“
• LiveMint: “Beware WhatsApp users: CERT-In flags high-severity vulnerability in Windows Desktop app.“
• Business Today: “This new WhatsApp Desktop malware can steal your data! Here’s how to stay safe.“

Inside Traffic Editorial Note

This development underscores the importance of regular software updates and vigilance against potential cyber threats. Users are urged to promptly update their applications and exercise caution with unsolicited attachments to safeguard their personal information. 

Stay informed. Stay secure