WhatsApp has issued an urgent update after discovering a vulnerability that could allow hackers to gain remote access to a user’s device through a shared image or file.
The security flaw involves a “spoofing issue” that allows cyber criminals to execute an attack through an attachment, according to an alert issued by WhatsApp’s parent company Meta.
Only versions of WhatsApp for Windows Desktop are at risk to the exploit, which is triggered as soon as a user opens a malicious attachment on their device.
“A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp,” the security advisory stated.
Meta did not share whether any WhatsApp users have fallen victim to the security issue. The Independent has reached out to the company for further details.
Security experts warned WhatsApp users to be weary of the images they receive, as well as sharing them with others in their group chats.
“Most people will be part of a WhatsApp group where it is common for images to be shared and this is where this vulnerability becomes dangerous,” Adam Pilton, a senior cybersecurity consultant at CyberSmart, told The Independent.
“If a cyber criminal was able to share this image either in your group or with someone you trust who then goes on to share it in your group, anybody in that group could unknowingly execute the malicious code associated with the shared image.
The latest bug, which was reported to Meta through a bug bounty programme, is part of a rising trend of malware being disguised as harmless attachments.
A recent report from cyber security firm SonicWall revealed that malicious attacks of this type rose significantly in 2024.
The company observed 210,258 never-before-seen malware variants, averaging 637 new threats daily last year.
“Cybercriminals are constantly developing new tactics, techniques, and procedures (TTPs) to exploit vulnerabilities and bypass security controls, and companies must be able to quickly adapt and respond to these threats,” said Spencer Starkey, an executive vice president at SonicWall.
“Due to the speed at which new attacks are being created, they are more adaptive, and difficult to detect, which poses an additional challenge for cybersecurity professionals.”
