

WhatsApp Security Vulnerability - rsobers
http://www.telegraph.co.uk/technology/internet-security/11850817/WhatsApp-security-breach-lets-hackers-target-web-app-users.html

======
mercora
I wonder why this should only be exploitable on the WhatsApp web application.
If it is possible to trick browsers into launching arbitrary applications by
using vcards, this should affect many web application using vcards and the the
security issue would have been in the browser side of things. What am i
missing?

~~~
steve19
It simply allows you to send arbitrary files. No different to sending a link
to a virus over email or putting a link on a Web page.

Stupid/normal users would then try run the downloaded file.

~~~
NullCharacter
It's a little more guileful than that, and it definitely is a flaw with
WhatsApp not validating their file types/formats.

~~~
sambe
But only a little - you could argue the vast majority of e-mail attachments
are .doc etc with parsing bugs rather than straight .exe. Contrary to the
gushing "using only their phone number" in the article, they admit that
gullibility is required.

