Users of WhatsApp are advised to review their settings and ensure they are using the latest version of the application following the discovery of two security vulnerabilities. Security experts have identified issues related to the handling of media files and attachments, as well as a specific concern for Windows users of WhatsApp.
Although the vulnerabilities do not automatically infect devices, they could potentially be exploited by cybercriminals for social engineering attacks or combined with other vulnerabilities to pose more significant threats. Malwarebytes experts highlighted that a malicious message could deceive a device into opening content from an untrusted source.
These vulnerabilities, known as CVE-2026-23866 and CVE-2026-23863, were uncovered through Meta’s Bug Bounty program. As of now, there is no evidence to suggest that these flaws have been exploited in real-world attacks or used to infect phones. WhatsApp stated that there is no indication of exploitation in the wild.
However, as a precaution, the Meta-owned company has issued an update and strongly recommended that users review their settings. To ensure protection, users are urged to update WhatsApp to the latest version on their devices.
For Android users, updating WhatsApp can be done through the Google Play Store by searching for WhatsApp Messenger and selecting “Update.” iPhone users can update by accessing the App Store, tapping their profile icon, scrolling to WhatsApp, and selecting “Update.” Once the update is completed, devices will be safeguarded against potential future attacks.
In related news, some older Android devices may lose access to WhatsApp soon, as the messaging platform plans to discontinue support for devices running versions older than Android 6 starting from September 8, 2026. Affected users may receive a message indicating that WhatsApp will no longer function on their device later this year.
While this change may impact some users, it is expected to have minimal effects as Android 6 was introduced in 2015 and is now rarely used on modern smartphones.