Popular messaging app WhatsApp and Telegram recently resolved the flaws in their admired instant messaging applications after thr security researchers illustrated that they could grab control of user accounts.
The Check Point Software Technologies mentioned that last week only they alerted Telegram and Facebook-owned WhatsApp, waiting until the vulnerability was recovered before making it public.
However, Check Point did not provide an detailed information on how many messaging accounts are vulnerable but did say the fault posed a danger to "hundreds of millions" of users who are accessing the messaging podium from web browsers in computers.
"This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of a complete account take over," Check Point head of product vulnerability Oded Vanunu said in a release.
"By simply sending an innocent looking photo, an attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user."
With the vulnerability the attacker easily booby-trap a digital image with a spiteful code that could spring into action after the picture is clicked on for viewing, according to Check Point. The code then was capable to hijack an account, and also can spread itself like a virus by transferring tainted messages to people who are listed as contacts.
According to Check Point, the privacy defense had the side effect of putting off the services from being able to distinguish whether message contents included malicious code or not. To remedy the situation, both the services moved to find and blocking viruses before messages are encrypted, the security researchers said.