The vulnerability was discovered by PerimeterX researcher Gal Weizman who detailed that hackers could insert malicious JavaScript codes into messages and remotely access files through the outdated WhatsApp client. He explained that the software was running on an older release of Google’s Chromium engine which had not received any current security updates that could prevent potential attacks.
Furthermore, Ars Technica added that the desktop version of WhatsApp is built on an Electron framework which easily allowed the developers to port the software on multiple platforms – in this case, Windows and Mac. However, the framework will not be secure either if the app built on it is using an older web engine, let alone being outdated in terms of security. The flaw is present on WhatsApp desktop from version 0.3.9309 and earlier. Therefore, it’s without question that users should update their client software to the latest version as soon as possible. Keep in mind that the desktop version of the messenger is not to be confused with the browser based WhatsApp Web, which usually is updated automatically. (Source: PerimeterX via ArsTechnica.)