A PerimeterX researcher has discovered a security vulnerability in WhatsApp that can be used to aid phishing campaigns, spread malware and put millions of users at risk. Bypassing the CSP rules allows an attacker to steal valuable information from the victim and to load external payloads easily.

Reading From the File System on Mac/Windows

Through this, the researcher was able to access the local file system on both the Mac and Windows platforms, reading, for example, the content of the C:\Windows\System32\drivers\etc\hosts file on Windows.

“All the way from a simple Open-Redirect, through a Persistent-XSS and a CSP-bypassing to a full Cross-Platform Read from the File System plus potentially a Remote-Code-Execution,” Weizman added in his technical writeup.

Facebook rewarded Weizman $12,500 under its responsible disclosure policy. Facebook has patched this vulnerability and released a new Desktop version.