PT-2020-6682 · Whatsapp · Whatsapp Desktop+1

Published: 2020-01-21 · Updated: 2025-10-24 · CVE-2019-18426

CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WhatsApp Desktop versions prior to 0.3.9309
WhatsApp for iPhone versions prior to 2.20.10

Description

The issue is related to a lack of protection in the web page structure, allowing for cross-site scripting attacks. Exploiting this issue requires the victim to click a link preview from a specially crafted text message, potentially enabling remote attackers to read files from the victim's local file system. The vulnerability was found to be related to JavaScript handling.

Recommendations

For WhatsApp Desktop versions prior to 0.3.9309, update to version 0.3.9309 or later to resolve the issue. For WhatsApp for iPhone versions prior to 2.20.10, update to version 2.20.10 or later to resolve the issue. As a temporary workaround, consider avoiding clicking on link previews from unknown or untrusted sources in WhatsApp messages until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2022-04151
CVE-2019-18426

Affected Products

Whatsapp Desktop
Whatsapp For Iphone