Cyber security agency has issued a warning about multiple vulnerabilities in WhatsApp that could expose users to risks such as unauthorised access and potential system compromise if exploited through malicious attachments.
The Computer Emergency Response Team (Cert-In) said in an advisory that attackers could exploit the flaws by sending specially crafted files that appear harmless but contain hidden malicious code. The vulnerabilities affect WhatsApp on iOS, Android and Windows platforms, the agency said, categorising the overall severity as medium while cautioning that the impact could still be significant.
According to Cert-In, weaknesses in how WhatsApp handles certain attachment filenames and messages containing external media links could allow attackers to spoof file types, execute arbitrary code or bypass security protections on affected devices. In some scenarios, the flaws could be used to load malicious content from external sources controlled by attackers, potentially leading to full system compromise.
The advisory said the issue impacts several versions of the messaging app, including WhatsApp for iOS versions from 2.25.8.0 to 2.26.15.72, WhatsApp for Android versions from 2.25.8.0 to 2.26.7.10, and WhatsApp for Windows versions prior to 2.3000.1032164386.258709.
WhatsApp acknowledged the vulnerabilities and said they have been patched in the latest versions of the app across all platforms. In notes shared on its security advisories page, the company said the issues were reported by external researchers through Meta’s bug bounty programme and reviewed by its security team.
WhatsApp added that it has not found any evidence suggesting the vulnerabilities were exploited in the wild.
Cert-In has advised users to update WhatsApp to the latest available version as a precaution, saying timely software updates remain one of the most effective ways to reduce cyber security risks. The agency also urged users to remain cautious when opening unexpected attachments or links received on messaging platforms.
With WhatsApp among the most widely used messaging services globally, Cert-In said even vulnerabilities rated as medium severity warrant attention due to the potential scale of impact if exploited. |
