WhatsApp For Windows: Update Immediately

WhatsApp Windows users have been warned to check they are running the latest edition. A new update fixes a bug which could make it much easier to distribute malware.

The issue is not with the more familiar mobile app, nor with the website version that's available by visiting https://web.whatsapp.com/ in a browser. Instead it's with the downloadable WhatsApp for Desktop Windows app that lets users make video calls and share their screen among other benefits.

The security flaw involves the way users can send attachments. As The Register explains, such files come with accompanying data called MIME that tells software what type of file it is. (Source: theregister.com)

Malware In Disguise

The problem is that WhatsApp for Desktop Windows was using the MIME data to decide how to display the file on screen, but then using the filename extension to tell Windows how to open it (for example, in what application).

That could be exploited to send a file that had bogus MIME data suggesting it was an image, which would then appear as a small thumbnail in the WhatsApp chat. However, in the exploit the file would have an .EXE filename extension. That means if somebody clicked on the thumbnail expecting to open a full-size image, they'd actually be opening an executable file that could be malware.

Many users would be protected by security software on their PCs that would block or scan any executable file before running it for the first time, particularly through a web link. However, such an attack could well be a numbers game with scammers disguising the malware as an image that could be shared and reshared, quickly spreading between WhatsApp groups.

Quick Fix

WhatsApp has now fixed the bug with the latest security update, which brings WhatsApp for Windows to at least version 2.2450.6. At the time of writing, the latest version of WhatsApp is 2.2515.7.0.

How to Find Out Which Version of WhatsApp You Have

To find out which version of WhatsApp is installed on your machine, launch WhatsApp on your Windows PC, then click the WhatsApp Settings cogwheel in the bottom left hand corner, then select Help and it will say which version you have.

How to Manually Update WhatsApp on a Windows PC

If you have Windows Update Blocker (WUB) enabled, you will need to temporarily enable Windows Updates in order for the Windows Store to work. After that, you can download WhatsApp by visiting this link which will take you to the Windows Store. Once the file is downloaded, run it and it will update WhatsApp.

What's Your Opinion?

Do you use WhatsApp for Desktop Windows? Are you surprised by this bug? Do you feel more confident about opening attachments and images from known friends in online chat tools?