WhatsApp has urgently updated its app after discovering a critical vulnerability that could allow hackers to take control of a user’s device. The flaw, identified by Meta, WhatsApp’s parent company, involves a “spoofing issue” that lets cybercriminals execute attacks via shared images or files.
The vulnerability affects only WhatsApp for Windows Desktop. It is triggered when a user opens a malicious attachment, which could lead to the execution of arbitrary code instead of simply displaying the image or file. This could allow hackers to remotely access the device without the user’s knowledge.
Meta has not confirmed whether any users have fallen victim to this issue. Security experts have warned users to be cautious about the images they receive, particularly in group chats. Adam Pilton, a cybersecurity consultant at CyberSmart, cautioned that users could unwittingly expose themselves to malware if they share or open malicious attachments in group settings.
The vulnerability was reported to Meta through its bug bounty programme, which rewards researchers for finding security flaws. This discovery is part of a growing trend where malware is disguised as harmless attachments. A recent report by cybersecurity firm SonicWall revealed that new malware threats surged significantly in 2024, with over 210,000 new variants discovered.
Spencer Starkey, a senior executive at SonicWall, warned that cybercriminals are developing new methods to bypass security measures. Companies must remain vigilant and adaptable to combat these ever-evolving threats.
