whatsapp-crosses-500-milion-active-user-base-624x350-624x350

In February, WhatsApp created ripples with a flaw that allowed anyone to track you regardless of privacy settings. Now, a new flaw in the web version has emerged which can put up to 200 million users at risk.

According to security firm Check Point, a malicious phishing code can make WhatsApp for Web dangerous if the code is opened. This means it can trick users into executing arbitrary code on their PCs. Known as MaliciousCard vulnerability, it is found in how the instant messaging service handles vCards or virtual business cards.

“While the hacker would find a way to use the number of someone within the person’s contact list, all that was needed then was to create a scenario where they would send the vCard, and once opened, the virus would enter the system,” explains SiliconRepublic.

The security form had informed WhatsApp and the latter had issued an update last month to fix the bug.

“Thankfully, WhatsApp responded quickly and responsibly to deploy an initial mitigation against exploitation of this issue in all web clients, pending an update of the WhatsApp client” said Oded Vanunu, Security Research Group Manager at Check Point. “We applaud WhatsApp for such proper responses, and wish more vendors would handle security issues in this professional manner. Software vendors and service providers should be secured and act in accordance with security best practices.”