Users of WhatsApp are advised to review their settings and ensure they have the latest version of the application installed following the discovery of two significant software vulnerabilities. These vulnerabilities, affecting media file and attachment handling, as well as WhatsApp for Windows users, were identified by security researchers. Although the flaws do not automatically infect devices, they could potentially facilitate social engineering attacks by cybercriminals.
Malwarebytes experts cautioned that a malicious message could deceive a device into opening content from an untrusted source, exploiting the vulnerabilities known as CVE-2026-23866 and CVE-2026-23863, found through Meta’s Bug Bounty program. Despite no evidence of real-world exploitation or phone infections, WhatsApp has released an update urging users to verify their settings.
To stay secure, users must ensure WhatsApp is completely updated on their devices. Android users can update by accessing the Google Play Store, searching for WhatsApp Messenger, and selecting “Update.” iPhone users should open the App Store, tap their profile icon, scroll to WhatsApp, and choose “Update.” Once updated, devices will be safeguarded against potential attacks.
In related news, older Android devices may lose WhatsApp access as the platform plans to discontinue support for devices running Android versions older than 6 beginning September 8, 2026. Affected users may receive a message indicating WhatsApp will cease functioning on their devices later in the year. However, the impact is expected to be minimal, considering Android 6’s rarity on modern smartphones, released back in 2015.