MIME The Attachments You Open In WhatsApp For Windows

The Meta Behind The WhatsApp Doc-tored Attachments
If you have fallen under the Zuck’s influence and use WhatsApp for Windows, you might want to stop, or at least stop opening attachments until you are positive you’ve updated to at least version 2.2450.6. There is a rather nasty bug in previous versions which allows code execution to be triggered when you open a doctored attachment that was sent to you. The attachment could be anything from a document to a JPEG, and since most users tend to click on anything they are sent, there is a good chance this is going to hit people you know, if not yourself.
The flaw comes about thanks to WhatsApp using MIME to identify what type of file was sent, and theoretically which app to use to open it. The problem is that MIME can lie, and what you see as a perfectly innocent image, or even a not so innocent one, is actually an EXE file. You won’t see any indication of that trickery, as WhatsApp believes the MIME metadata and displays the attachment as whatever MIME says it is. However, when you click the attachment, the actual file type is what gets registered with the OS, and the EXE is launched.
Always be careful clicking attachments; even more so if your tendency is not to regularly check for app updates.
The spoofing flaw, tracked as CVE-2025-30401, affects all versions of WhatsApp Desktop for Windows prior to 2.2450.6, and stems from a bug in how the app handles file attachments.
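The mismatch described above can be caught before an attachment is shown or opened by comparing the sender-declared MIME type with the filename extension Windows uses to pick a handler and with the file's leading bytes. The following Python is an added example, not WhatsApp's code or its fix; the function names, lookup tables and sample attachments are constructed for illustration.

```python
import os

# Constructed lookup tables for this example; a real filter needs fuller lists.
EXT_TO_MIME = {".jpg": "image/jpeg", ".jpeg": "image/jpeg",
               ".png": "image/png", ".pdf": "application/pdf"}
MAGIC_TO_MIME = [(b"\xff\xd8\xff", "image/jpeg"),
                 (b"\x89PNG\r\n\x1a\n", "image/png"),
                 (b"%PDF-", "application/pdf"),
                 (b"MZ", "application/x-msdownload")]  # PE/DOS executable header
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi"}


def sniff(head: bytes):
    """Return the MIME type implied by the leading bytes, or None if unknown."""
    for magic, mime in MAGIC_TO_MIME:
        if head.startswith(magic):
            return mime
    return None


def check_attachment(declared_mime: str, filename: str, head: bytes) -> list:
    """Compare what the sender declared with what the OS and the bytes say."""
    findings = []
    ext = os.path.splitext(filename.lower())[1]
    # The preview follows declared_mime, but the handler follows the extension.
    if ext in EXECUTABLE_EXTS:
        findings.append("executable-extension")
    # A declared type missing from the table has no allowed extension,
    # so it is flagged as well (conservative default).
    allowed = {e for e, m in EXT_TO_MIME.items() if m == declared_mime}
    if ext not in allowed:
        findings.append("extension-mismatch")
    sniffed = sniff(head)
    if sniffed is not None and sniffed != declared_mime:
        findings.append("content-mismatch")
    return findings


# Constructed sample attachments: (declared MIME, filename, first bytes).
SAMPLES = [
    ("image/jpeg", "holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("image/jpeg", "holiday.exe", b"MZ\x90\x00\x03\x00"),
    ("application/pdf", "invoice.pdf", b"MZ\x90\x00\x03\x00"),
]

if __name__ == "__main__":
    for declared, name, head in SAMPLES:
        print(name, declared, check_attachment(declared, name, head) or "ok")
```

An empty result means the declared type, the extension and the content agree; any finding is a reason to refuse the preview or the open action.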
More Tech News From Around The Web
- Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug @ The Register
- Critical FortiSwitch flaw lets hackers change admin passwords remotely @ Bleeping Computer
- Samsung and Google Partner To Launch Ballie Home Robot with Built-in Projector @ Slashdot
- CentreStack RCE exploited as zero-day to breach file sharing servers @ Bleeping Computer
- The IBM z17 Mainframe Brings AI with Telum II and Spyre @ ServeTheHome
- Microsoft investigates global Exchange Admin Center outage @ Bleeping Computer
- You Shouldn’t Build An X-Ray Machine, But You Could @ Hackaday
- Google unveils Ironwood, its most powerful AI processor yet @ Ars Technica