Avoid the Hack! :donor:

1 month ago • •

Avoid the Hack! :donor:
1 month ago • •

#WhatsApp for #Windows lets Python, PHP scripts execute with no warning

Granted, Python needs to be installed on the system prior.

Meta says they will not bother to fix this, despite maintaining a built-in list of potentially dangerous file types (ex: .exe)

#security #cybersecurity #messengers

bleepingcomputer.com/news/secu…

in reply to Avoid the Hack! :donor:

Casey Reeves

in reply to Avoid the Hack! :donor: • 1 month ago • •

And the price of stupidity that will lead to disaster is once again handed off to meta!

It's not a matter of IF this gets exploited but WHEN it'll get exploited.

in reply to Casey Reeves

Avoid the Hack! :donor:

in reply to Casey Reeves • 1 month ago • •

@xogium apparently this has been reported before.

You would think they’d just add these to the list they already use, it’s low hanging fruit. But seems like it’s not worth the effort because it’ll “only” affect a handful of users.

@Casey Reeves

in reply to Avoid the Hack! :donor:

Tamas G

in reply to Avoid the Hack! :donor: • 1 month ago • •

@xogium oddly the same story goes for accessibility-related things, so this is an area in which security and accessibility can intersect in a strange way, too. Until there's mass-exploitation of this (and it's a bit limited of course with requiring Python to be in path to begin with), they may never get to it, it'll stay in Backlog for months, get punted to another team, go to their backlog, maybe a spike gets created over it, yada yada yada

@Casey Reeves

⇧