Security firm Check Point has found a bug in the web versions of WhatsApp and Telegram, which could be exploited to access chats and media.
The two messaging apps fixed the vulnerability following its disclosure on 8 March.
“The exploitation of this vulnerability starts with the attacker sending an innocent-looking file to the victim, which contains malicious code,” said Check Point.
“Once the user clicks to open it, the malicious file allows the attacker to access WhatsApp’s and Telegram’s local storage, where user data is stored”.
An attacker can also send a malicious HTML file to a user’s contacts, which could not be prevented due to the apps’ end-to-end encryption.
A full breakdown of the vulnerability is available here.
Videos of the vulnerability being exploited are posted below.