Table of contents:
It seems that we will never be truly protected in the world of the internet and communications, because a security vulnerability affects WhatsApp, Skype, Wordpressand more. This is a critical affectation that causes the remote execution of the Electron web application.
This code allows cybercriminals to carry out attacks with malicious code on their victims' computers, thanks to this security vulnerability, being mainly exposed WhatsApp, Skype, Wordpress and other platforms.
The security vulnerability that puts WhatsApp and Skype at risk
The web application Electron is a reference framework for the development of open source applications that promotes a large number of desktop apps such as the aforementioned WhatsApp, Skype, Wordpress and others also known as Slack, GitHub, Visual Studio and Discord.
In addition, Electron enables developers to produce hybrid applications using Chromium and the Node.js framework via APIs. In the case of Node.js security, Electron uses certain security measures that are embedded in its configuration.
These security measures were designed with the goal of evade any exploit attack that might occur, however the security company Trustwave Brendan Scarvell revealed a remote code proof-of-concept code that may lead to a security vulnerability.
This security vulnerability that mainly affects WhatsApp, Skype and Wordpress allows an attacker to gain unauthorized access to the web server. applications and execute arbitrary actions.
Specifically, the security vulnerability was identified as CVE-2018-1000136,It was also notified to Electron's security department and in March 2018 was fixed with platform versions 1.7.13, 1.8.4 and 2.0.0-beta.4.
Actually, security vulnerability affects WhatsApp, Skype, Wordpress and more, but you can avoid it by updating the Electron framework.