WhatsApp has issued fixes for vulnerabilities in its Web app, which could have affected up to 200 millions of its users.
The vulnerabilities were discovered by security researcher Kasif Dekel at Checkpoint, and allowed attackers to utilize the “vCard” contact card format to distribute malwares to unsuspecting users. The vulnerabilities was shared with WhatsApp on August 21th, and a patch was rolled out on August 27th, which blocked the feature. The prompt action of WhatsApp was applauded by Checkpoint, whose Security Research Group Manager Oded Vanunu remarked that “WhatsApp responded quickly and responsibly.” The security firm also hope for the same professional course of action from other vendors.
WhatsApp Web is a web-based client for the Whatsapp messaging service, which allows for mobile messaging across multiple platforms including iOS, Android, Windows and Blackberry. The web client is fully synchornized with its mobile counterparts.
Source: http://www.winbeta.org/news/whatsapp-web-critical-vulnerability-fixed