WhatsApp users: ‘Update right away’ as new bugs could inject ‘dangerous’ files in your devices

Home Events WhatsApp users: ‘Update right away’ as new bugs could inject ‘dangerous’ files in your devices
Events, News
May 6, 2026May 6, 2026By Source Author
0 0
Spread the love
      

WhatsApp users: 'Update right away' as new bugs could inject 'dangerous' files in your devices

WhatsApp parent Meta has published a new security advisory for the instant messaging app. WhatsApp Security Advisories 2026 Updates announce patches for two vulnerabilities. WhatsApp has fixed these two security flaws that the company says can be misused to interfere with the way media and attachments are handled on users’ devices. According to Malwarebytes Labs, though these bugs don’t automatically infect devices, but they lower the barrier for social engineering and could be chained with other vulnerabilities for more serious attacks.The first issue, tracked as CVE‑2026‑23866, affects how WhatsApp processes AI‑generated “rich response messages” that embed Instagram Reels. On affected iOS and Android versions, incomplete validation means a specially crafted message could cause the app to load media from an attacker‑controlled URL. In some cases, this could trigger operating system‑level custom URL scheme handlers. In other words: a booby‑trapped message could prompt your device to open content from an untrusted source.

What WhatsApp Security Advisory says on the two bugs

CVE-2026-23866: Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggering OS-controlled custom URL scheme handlers. We have not seen evidence of exploitation in the wild.CVE-2026-23863: An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of exploitation in the wild.The acknowledgement of both the bug findings is to external researchers via Meta Bug Bounty submission.

How to update WhatsApp for Android

You can easily update WhatsApp from the Google Play Store.

  • Open the Google Play Store
  • Search for WhatsApp Messenger
  • Tap Update

Note: Updates may not be available immediately in all regions.

How to update WhatsApp on iOS

To update WhatsApp on iOS:

  • Open the App Store
  • Tap your profile icon
  • Scroll to find WhatsApp and tap Update

If it’s not listed, search for WhatsApp to check if an “Update” button is available.


Spread the love
      

Leave a Reply

Your email address will not be published.

× Free India Logo
Welcome! Free India