Authorities have issued a cyber security alert regarding several WhatsApp vulnerabilities that could put users at risk if exploited through harmful attachments. The flaws may enable hackers to access systems without permission and compromise sensitive data and device security. 

In a recent advisory, Computer Emergency Response Team (CERT-In) stated that hackers may take advantage of multiple WhatsApp security flaws through malicious files designed to look safe to users. The vulnerabilities affect WhatsApp across iOS, Android, and Windows devices. Although CERT-In has rated the overall threat level as medium, it warned that successful exploitation could lead to serious security impacts. 

Computer Emergency Response Team (CERT-In) has cautioned that weaknesses in WhatsApp’s handling of specific attachment filenames and external media links may enable cybercriminals to disguise malicious files as legitimate ones. Attackers could exploit these flaws to execute arbitrary code, evade security safeguards, and even load harmful content from remote sources, raising the risk of complete system takeover on affected devices. 

According to the advisory, several versions of WhatsApp are vulnerable to the reported security flaws. These include WhatsApp for iOS versions ranging from 2.25.8.0 to 2.26.15.72, Android versions between 2.25.8.0 and 2.26.7.10, as well as WhatsApp for Windows versions released before 2.3000.1032164386.258709. 

WhatsApp stated that the security vulnerabilities have now been patched in the newest versions of the application for iOS, Android, and Windows users. According to the company’s security advisory notes, the issues were responsibly disclosed by external researchers participating in Meta Platforms’ bug bounty initiative before being assessed by WhatsApp’s security experts. 

According to WhatsApp, there is currently no evidence to suggest that the disclosed security flaws were exploited in the wild before the patches were released. 

CERT-In has urged WhatsApp users to install the latest app updates as a preventive measure against the recently disclosed vulnerabilities. The agency highlighted that keeping software updated plays a critical role in minimising cyber threats and also advised users to avoid opening suspicious links or attachments sent via messaging apps. With WhatsApp being one of the world’s most widely used messaging services, CERT-In cautioned that medium-severity flaws can still pose significant risks due to the potential scale of impact.