Security researchers have identified two critical software vulnerabilities in WhatsApp that could potentially make users vulnerable to cyberattacks. The flaws affect how media files and attachments are handled, as well as posing a threat to Windows users of the messaging platform.
Although these vulnerabilities do not automatically infect devices, experts warn that they could be exploited by cybercriminals for social engineering attacks or in combination with other vulnerabilities to launch more serious threats. Malwarebytes, the cybersecurity firm, highlighted that a malicious message could deceive a device into opening content from an untrusted source.
The vulnerabilities, known as CVE-2026-23866 and CVE-2026-23863, were uncovered through Meta’s Bug Bounty program. While there is no evidence of these flaws being exploited in real-world attacks, WhatsApp has urged users to update their app to the latest version as a precautionary measure.
To safeguard against potential threats, users are advised to ensure that their WhatsApp application is fully updated on their devices. Android users can update the app through the Google Play Store by searching for WhatsApp Messenger and selecting “Update.” iPhone users should open the App Store, navigate to WhatsApp under their profile icon, and choose “Update.”
Following the installation of the update, users can protect their devices from possible future security risks. Additionally, WhatsApp users with older Android devices may face access issues, as the app plans to discontinue support for devices running versions older than Android 6 starting September 8, 2026, as reported by WABetaInfo. While it is expected that most users are already using newer versions, affected individuals may receive a notification indicating that WhatsApp will no longer function on their devices.
In conclusion, staying vigilant about software updates and device compatibility is crucial to ensuring a secure messaging experience.