A vulnerability patched in the web-based versions of encrypted communications services WhatsApp and Telegram would have allowed attackers to take over accounts by sending users malicious files masquerading as images or videos.

The vulnerability was discovered last week by researchers from Check Point Software Technologies and was patched by the WhatsApp and Telegram developers after the company privately shared the flaw’s details with them.