{"id":13960,"date":"2020-09-18T14:19:14","date_gmt":"2020-09-18T17:19:14","guid":{"rendered":"https:\/\/ostec.blog\/?p=13960"},"modified":"2020-09-18T14:20:04","modified_gmt":"2020-09-18T17:20:04","slug":"falla-en-whatsapp-web","status":"publish","type":"post","link":"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/","title":{"rendered":"Falla en WhatsApp Web permit\u00eda que cibercriminales accedieran a archivos del computador"},"content":{"rendered":"

El bug fue encontrado en WhatsApp Web y afectaba tambi\u00e9n los aplicativos de desktop de Windows e Mac, sin embargo, ya fue corregido.<\/em><\/p>\n

El martes pasado (04\/01), el investigador de seguridad cibern\u00e9tica, Gal Weizman, de\u00a0PerimeterX<\/a>, divulg\u00f3 detalles t\u00e9cnicos de vulnerabilidades de alta gravedad encontradas en WhatsApp.<\/p>\n

Identificado como\u00a0CVE \u2013 2019 \u2013 18426<\/a>, el bug se aprovecha de una vulnerabilidad de redireccionamiento abierto que puede llevar a ataques XSS (cross \u2013 site scripting) iniciados a trav\u00e9s de un mensaje especialmente preparado y enviado a la v\u00edctima.<\/p>\n

El cross site scripting (XSS) probablemente es la vulnerabilidad de seguridad m\u00e1s com\u00fan existente en aplicativos Web. Se estima que aproximadamente 65% de los sitios web son vulnerables al ataque XSS, una estad\u00edstica realmente preocupante.<\/p>\n

La falla tambi\u00e9n permit\u00eda modificar el \u201cpreview\u201d de los links enviados v\u00eda WhatsApp, incluyendo texto e imagen. Esta t\u00e9cnica induce al usuario a hacer clic y puede ser utilizada para redireccionarlos a sitios web maliciosos.<\/p>\n

Abajo presentamos im\u00e1genes de los tests que hizo Weisman. En el test, el texto y el logotipo son de Facebook, sin embargo, la url direcciona al usuario a otro sitio web.<\/p>\n

\"\"<\/p>\n

Ilustraci\u00f3n I \u2013 Fuente: Gal Weizman \u2013 Perimeterx.com, 2019.<\/p>\n

 <\/p>\n

Al clicar en el mensaje, la v\u00edctima abre las puertas para que el cibercriminal ejecute un c\u00f3digo remotamente en su m\u00e1quina, eso incluye la posibilidad de capturar informaciones.<\/span><\/p>\n

\"\"Ilustraci\u00f3n II \u2013 Fuente: Gal Weizman \u2013 Perimeterx.com, 2019.<\/p>\n

Seg\u00fan el investigador:<\/p>\n

\u201cSi las reglas del CSP\u00a0(Content Security Police)<\/a>\u00a0estuviesen configuradas adecuadamente, el poder adquirido por ese XSS seria mucho menor, la capacidad de ignorar la configuraci\u00f3n del CPS, permite que un invasor capture informaciones valiosas de la v\u00edctima, cargue cargas externas f\u00e1cilmente y mucho m\u00e1s.\u201d<\/p><\/blockquote>\n

Las fallas identificadas fueron relatadas por Weizman al equipo de seguridad de Facebook el a\u00f1o pasado, que corrigi\u00f3 las fallas y lanz\u00f3 una versi\u00f3n actualizada del aplicativo para desktop.<\/p>\n

Weizman fue recompensado con una cuant\u00eda de $12.500 d\u00f3lares, premio dado por la empresa en el programa de recompensas para usuarios que identifican bugs y fallas de seguridad.<\/p>\n","protected":false},"excerpt":{"rendered":"

El bug fue encontrado en WhatsApp Web y afectaba tambi\u00e9n los aplicativos de desktop de Windows e Mac, sin embargo, ya fue corregido. El martes pasado (04\/01), el investigador de seguridad cibern\u00e9tica, Gal Weizman, de\u00a0PerimeterX, divulg\u00f3 detalles t\u00e9cnicos de vulnerabilidades de alta gravedad encontradas en WhatsApp. Identificado como\u00a0CVE \u2013 2019 \u2013 18426, el bug se […]<\/p>\n","protected":false},"author":13,"featured_media":13963,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1019,1025],"tags":[],"class_list":["post-13960","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-generico","category-noticias-es"],"yoast_head":"\nFalla en WhatsApp Web permit\u00eda que cibercriminales accedieran a archivos del computador - OSTEC | Seguran\u00e7a digital de resultados<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/\" \/>\n<meta property=\"og:locale\" content=\"es_ES\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Falla en WhatsApp Web permit\u00eda que cibercriminales accedieran a archivos del computador - OSTEC | Seguran\u00e7a digital de resultados\" \/>\n<meta property=\"og:description\" content=\"El bug fue encontrado en WhatsApp Web y afectaba tambi\u00e9n los aplicativos de desktop de Windows e Mac, sin embargo, ya fue corregido. El martes pasado (04\/01), el investigador de seguridad cibern\u00e9tica, Gal Weizman, de\u00a0PerimeterX, divulg\u00f3 detalles t\u00e9cnicos de vulnerabilidades de alta gravedad encontradas en WhatsApp. Identificado como\u00a0CVE \u2013 2019 \u2013 18426, el bug se […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/\" \/>\n<meta property=\"og:site_name\" content=\"OSTEC | Seguran\u00e7a digital de resultados\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ostec\" \/>\n<meta property=\"article:published_time\" content=\"2020-09-18T17:19:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-09-18T17:20:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ostec.blog\/wp-content\/uploads\/2020\/02\/whatsapp.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"928\" \/>\n\t<meta property=\"og:image:height\" content=\"534\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Thais Souza\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ostecsecurity\" \/>\n<meta name=\"twitter:site\" content=\"@ostecsecurity\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/\"},\"author\":{\"name\":\"Thais Souza\",\"@id\":\"https:\/\/ostec.blog\/#\/schema\/person\/ca88ecd81da20ed5773cd0959c645c33\"},\"headline\":\"Falla en WhatsApp Web permit\u00eda que cibercriminales accedieran a archivos del computador\",\"datePublished\":\"2020-09-18T17:19:14+00:00\",\"dateModified\":\"2020-09-18T17:20:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/\"},\"wordCount\":368,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/ostec.blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/ostec.blog\/wp-content\/uploads\/2020\/02\/whatsapp.jpg\",\"articleSection\":[\"Gen\u00e9rico\",\"Not\u00edcias\"],\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/\",\"url\":\"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/\",\"name\":\"Falla en WhatsApp Web permit\u00eda que cibercriminales accedieran a archivos del computador - OSTEC | Seguran\u00e7a digital de resultados\",\"isPartOf\":{\"@id\":\"https:\/\/ostec.blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/ostec.blog\/wp-content\/uploads\/2020\/02\/whatsapp.jpg\",\"datePublished\":\"2020-09-18T17:19:14+00:00\",\"dateModified\":\"2020-09-18T17:20:04+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/#breadcrumb\"},\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/#primaryimage\",\"url\":\"https:\/\/ostec.blog\/wp-content\/uploads\/2020\/02\/whatsapp.jpg\",\"contentUrl\":\"https:\/\/ostec.blog\/wp-content\/uploads\/2020\/02\/whatsapp.jpg\",\"width\":928,\"height\":534},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"In\u00edcio\",\"item\":\"https:\/\/ostec.blog\/es\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Falla en WhatsApp Web permit\u00eda que cibercriminales accedieran a archivos del computador\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/ostec.blog\/#website\",\"url\":\"https:\/\/ostec.blog\/\",\"name\":\"OSTEC | Seguran\u00e7a digital de resultados\",\"description\":\"Empresa especializada na oferta de produtos e servi\u00e7os de seguran\u00e7a digital.\",\"publisher\":{\"@id\":\"https:\/\/ostec.blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/ostec.blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"es\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/ostec.blog\/#organization\",\"name\":\"OSTEC Business Security\",\"url\":\"https:\/\/ostec.blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\/\/ostec.blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/ostec.blog\/wp-content\/uploads\/2020\/11\/logo_ostec_250.png\",\"contentUrl\":\"https:\/\/ostec.blog\/wp-content\/uploads\/2020\/11\/logo_ostec_250.png\",\"width\":251,\"height\":67,\"caption\":\"OSTEC Business Security\"},\"image\":{\"@id\":\"https:\/\/ostec.blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/ostec\",\"https:\/\/x.com\/ostecsecurity\",\"https:\/\/www.instagram.com\/ostecsecurity\/\",\"https:\/\/linkedin.com\/company\/ostec-security\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/ostec.blog\/#\/schema\/person\/ca88ecd81da20ed5773cd0959c645c33\",\"name\":\"Thais Souza\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\/\/ostec.blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/400dde6458954de06efa803109767977?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/400dde6458954de06efa803109767977?s=96&d=mm&r=g\",\"caption\":\"Thais Souza\"},\"url\":\"https:\/\/ostec.blog\/es\/author\/thais-souza\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Falla en WhatsApp Web permit\u00eda que cibercriminales accedieran a archivos del computador - OSTEC | Seguran\u00e7a digital de resultados","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/","og_locale":"es_ES","og_type":"article","og_title":"Falla en WhatsApp Web permit\u00eda que cibercriminales accedieran a archivos del computador - OSTEC | Seguran\u00e7a digital de resultados","og_description":"El bug fue encontrado en WhatsApp Web y afectaba tambi\u00e9n los aplicativos de desktop de Windows e Mac, sin embargo, ya fue corregido. El martes pasado (04\/01), el investigador de seguridad cibern\u00e9tica, Gal Weizman, de\u00a0PerimeterX, divulg\u00f3 detalles t\u00e9cnicos de vulnerabilidades de alta gravedad encontradas en WhatsApp. Identificado como\u00a0CVE \u2013 2019 \u2013 18426, el bug se […]","og_url":"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/","og_site_name":"OSTEC | Seguran\u00e7a digital de resultados","article_publisher":"https:\/\/www.facebook.com\/ostec","article_published_time":"2020-09-18T17:19:14+00:00","article_modified_time":"2020-09-18T17:20:04+00:00","og_image":[{"width":928,"height":534,"url":"https:\/\/ostec.blog\/wp-content\/uploads\/2020\/02\/whatsapp.jpg","type":"image\/jpeg"}],"author":"Thais Souza","twitter_card":"summary_large_image","twitter_creator":"@ostecsecurity","twitter_site":"@ostecsecurity","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/#article","isPartOf":{"@id":"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/"},"author":{"name":"Thais Souza","@id":"https:\/\/ostec.blog\/#\/schema\/person\/ca88ecd81da20ed5773cd0959c645c33"},"headline":"Falla en WhatsApp Web permit\u00eda que cibercriminales accedieran a archivos del computador","datePublished":"2020-09-18T17:19:14+00:00","dateModified":"2020-09-18T17:20:04+00:00","mainEntityOfPage":{"@id":"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/"},"wordCount":368,"commentCount":0,"publisher":{"@id":"https:\/\/ostec.blog\/#organization"},"image":{"@id":"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/#primaryimage"},"thumbnailUrl":"https:\/\/ostec.blog\/wp-content\/uploads\/2020\/02\/whatsapp.jpg","articleSection":["Gen\u00e9rico","Not\u00edcias"],"inLanguage":"es","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/","url":"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/","name":"Falla en WhatsApp Web permit\u00eda que cibercriminales accedieran a archivos del computador - OSTEC | Seguran\u00e7a digital de resultados","isPartOf":{"@id":"https:\/\/ostec.blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/#primaryimage"},"image":{"@id":"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/#primaryimage"},"thumbnailUrl":"https:\/\/ostec.blog\/wp-content\/uploads\/2020\/02\/whatsapp.jpg","datePublished":"2020-09-18T17:19:14+00:00","dateModified":"2020-09-18T17:20:04+00:00","breadcrumb":{"@id":"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/#breadcrumb"},"inLanguage":"es","potentialAction":[{"@type":"ReadAction","target":["https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/"]}]},{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/#primaryimage","url":"https:\/\/ostec.blog\/wp-content\/uploads\/2020\/02\/whatsapp.jpg","contentUrl":"https:\/\/ostec.blog\/wp-content\/uploads\/2020\/02\/whatsapp.jpg","width":928,"height":534},{"@type":"BreadcrumbList","@id":"https:\/\/ostec.blog\/es\/generico\/falla-en-whatsapp-web\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"In\u00edcio","item":"https:\/\/ostec.blog\/es\/"},{"@type":"ListItem","position":2,"name":"Falla en WhatsApp Web permit\u00eda que cibercriminales accedieran a archivos del computador"}]},{"@type":"WebSite","@id":"https:\/\/ostec.blog\/#website","url":"https:\/\/ostec.blog\/","name":"OSTEC | Seguran\u00e7a digital de resultados","description":"Empresa especializada na oferta de produtos e servi\u00e7os de seguran\u00e7a digital.","publisher":{"@id":"https:\/\/ostec.blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/ostec.blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"es"},{"@type":"Organization","@id":"https:\/\/ostec.blog\/#organization","name":"OSTEC Business Security","url":"https:\/\/ostec.blog\/","logo":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/ostec.blog\/#\/schema\/logo\/image\/","url":"https:\/\/ostec.blog\/wp-content\/uploads\/2020\/11\/logo_ostec_250.png","contentUrl":"https:\/\/ostec.blog\/wp-content\/uploads\/2020\/11\/logo_ostec_250.png","width":251,"height":67,"caption":"OSTEC Business Security"},"image":{"@id":"https:\/\/ostec.blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ostec","https:\/\/x.com\/ostecsecurity","https:\/\/www.instagram.com\/ostecsecurity\/","https:\/\/linkedin.com\/company\/ostec-security"]},{"@type":"Person","@id":"https:\/\/ostec.blog\/#\/schema\/person\/ca88ecd81da20ed5773cd0959c645c33","name":"Thais Souza","image":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/ostec.blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/400dde6458954de06efa803109767977?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/400dde6458954de06efa803109767977?s=96&d=mm&r=g","caption":"Thais Souza"},"url":"https:\/\/ostec.blog\/es\/author\/thais-souza\/"}]}},"_links":{"self":[{"href":"https:\/\/ostec.blog\/es\/wp-json\/wp\/v2\/posts\/13960","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ostec.blog\/es\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ostec.blog\/es\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ostec.blog\/es\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/ostec.blog\/es\/wp-json\/wp\/v2\/comments?post=13960"}],"version-history":[{"count":0,"href":"https:\/\/ostec.blog\/es\/wp-json\/wp\/v2\/posts\/13960\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ostec.blog\/es\/wp-json\/wp\/v2\/media\/13963"}],"wp:attachment":[{"href":"https:\/\/ostec.blog\/es\/wp-json\/wp\/v2\/media?parent=13960"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ostec.blog\/es\/wp-json\/wp\/v2\/categories?post=13960"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ostec.blog\/es\/wp-json\/wp\/v2\/tags?post=13960"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}