New Delhi: The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology has issued a high-severity alert about a newly discovered spoofing vulnerability in WhatsApp Desktop for Windows. This security flaw puts users at serious risk. It also has the potential to allow unauthorized access, data theft, and the execution of malicious code on their systems, as outlined in the government advisory.

The advisory explains that the issue arises from a misconfiguration between the MIME type and file extension handling for attachments. This flaw allows attackers to trick the system by disguising malicious files as legitimate ones. When these files are opened in WhatsApp Desktop they can trigger the execution of harmful code on the victim’s computer.

WhatsApp, owned by Meta is a popular messaging platform known for its end-to-end encryption. It ensures privacy across mobile and desktop versions. However, a security flaw specific to the desktop version could put these privacy protections at risk, particularly for Windows users who haven't updated to the latest version.

Here’s how to Stay Safe:

- Update WhatsApp Desktop: Make sure to update your WhatsApp Desktop to version 2.2450.6 or later to protect against potential threats.

- Be Cautious with Attachments: Avoid opening attachments from unknown sources, especially those that look suspicious or lack the expected file extensions.

- Stay Alert: Be extra careful while interacting with messages or files from unfamiliar contacts.

- WhatsApp Account Ban Action: WhatsApp recently banned over 8.4 million accounts in August last year to fight fraud and suspicious activity. This move by Meta aimed to reduce the misuse of the platform for scams.