Security researchers have identified two critical vulnerabilities in WhatsApp that could potentially expose users to cyber threats. The flaws involve the handling of media files and attachments, as well as a specific issue affecting WhatsApp for Windows users.
While these vulnerabilities do not automatically infect devices, they could facilitate social engineering attacks by cybercriminals. Malicious messages could trick devices into opening content from untrusted sources, posing a security risk.
The vulnerabilities, named CVE-2026-23866 and CVE-2026-23863, were uncovered through Meta’s Bug Bounty program. Although there is no evidence of real-world exploitation yet, WhatsApp has released an update to address the issues. Users are strongly advised to ensure their app settings are secure and to update WhatsApp promptly to safeguard their devices.
To update WhatsApp on Android devices, users can access the Google Play Store, search for WhatsApp Messenger, and click on “Update.” iPhone users should open the App Store, navigate to their profile, locate WhatsApp, and select “Update.” By keeping their WhatsApp app up to date, users can protect themselves from potential security threats.
In related news, WhatsApp plans to discontinue support for older Android devices running versions earlier than Android 6 starting September 8, 2026. This move may impact a small number of users, as Android 6 was released in 2015 and is now seldom found on modern smartphones. Affected users may receive a notification stating that WhatsApp will no longer function on their devices later this year.
It is crucial for WhatsApp users to stay informed about security updates and ensure they are using the latest app version to mitigate potential risks.