54 minutes ago
3
ARTICLE AD BOX
WhatsApp genitor Meta has published a caller information advisory for the instant messaging app. WhatsApp Security Advisories 2026 Updates denote patches for 2 vulnerabilities.
WhatsApp has fixed these 2 information flaws that the institution says tin beryllium misused to interfere with the mode media and attachments are handled connected users' devices. According to Malwarebytes Labs, though these bugs don’t automatically infect devices, but they little the obstruction for societal engineering and could beryllium chained with different vulnerabilities for much superior attacks.The archetypal issue, tracked arsenic CVE‑2026‑23866, affects however WhatsApp processes AI‑generated “rich effect messages” that embed Instagram Reels.
On affected iOS and Android versions, incomplete validation means a specially crafted connection could origin the app to load media from an attacker‑controlled URL. In immoderate cases, this could trigger operating system‑level customized URL strategy handlers. In different words: a booby‑trapped connection could punctual your instrumentality to unfastened contented from an untrusted source.
What WhatsApp Security Advisory says connected the 2 bugs
CVE-2026-23866: Incomplete validation of AI affluent effect messages for Instagram Reels successful WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could person allowed a idiosyncratic to trigger processing of media contented from an arbitrary URL connected different user’s device, including triggering OS-controlled customized URL strategy handlers.
We person not seen grounds of exploitation successful the wild.CVE-2026-23863: An attachment spoofing contented successful WhatsApp for Windows anterior to v2.3000.1032164386.258709 could person allowed maliciously formatted documents with embedded NUL bytes successful the filename to beryllium shown successful the exertion arsenic 1 benignant of record but tally arsenic an executable erstwhile opened. We person not seen grounds of exploitation successful the wild.The acknowledgement of some the bug findings is to outer researchers via Meta Bug Bounty submission.
How to update WhatsApp for Android
You tin easy update WhatsApp from the Google Play Store.
- Open the Google Play Store
- Search for WhatsApp Messenger
- Tap Update
Note: Updates whitethorn not beryllium disposable instantly successful each regions.
How to update WhatsApp connected iOS
To update WhatsApp connected iOS:
- Open the App Store
- Tap your illustration icon
- Scroll to find WhatsApp and pat Update
If it’s not listed, hunt for WhatsApp to cheque if an “Update” fastener is available.
