"WhatsApp has fixed two security flaws that could be abused to interfere with how media and attachments are handled on your device, according to Malwarebytes."
"One flaw, tracked as CVE-2026-23866, affected Android and iOS devices and stemmed from incomplete validation of AI-generated rich response messages, including previews tied to Instagram Reels."
"The second flaw, CVE-2026-23863, affected WhatsApp for Windows and involved improper handling of filenames containing embedded null bytes, allowing attackers to disguise executable files as harmless documents."
"In practice, a user might believe they are opening a safe file while unknowingly triggering a potentially dangerous executable, as highlighted by The420.in."
Meta addressed two security vulnerabilities in WhatsApp that impacted iOS, Android, and Windows users. One flaw involved incomplete validation of AI-generated rich response messages, which could allow attackers to exploit media processing. The second flaw on Windows enabled spoofed filenames, allowing malicious files to masquerade as safe documents. Although there is no evidence of exploitation, these vulnerabilities pose risks for phishing and other attacks. Users are advised to update their apps to mitigate these security issues.
Read at TechRepublic
Unable to calculate read time
Collection
[
|
...
]