{“lastseen”:”2026-05-05T14:13:17″,”description”:”Meta has published a new security advisory for messaging app WhatsApp, announcing patches for two vulnerabilities.\\n\\nWhatsApp has fixed two security flaws that could be abused to interfere with how media and attachments are handled on your device. There is no evidence that either bug has been exploited in the wild. \\n\\nThese bugs don\u2019t automatically infect devices, but they lower the barrier for social engineering and could be chained with other vulnerabilities for more serious attacks.\\n\\n## Malicious messages\\n\\nThe first issue, tracked as CVE\u20112026\u201123866, affects how WhatsApp processes AI\u2011generated \u201crich response messages\u201d that embed Instagram Reels. On affected iOS and Android versions, incomplete validation means a specially crafted message could cause the app to load media from an attacker\u2011controlled URL. In some cases, this could trigger operating system\u2011level custom URL scheme handlers. \\n\\nIn other words: a booby\u2011trapped message could prompt your device to open content from an untrusted source.\\n\\n### How to update WhatsApp for Android\\n\\nYou can easily update WhatsApp from the **Google Play Store**.\\n\\n 1. Open the Google Play Store\\n 2. Search for**** WhatsApp Messenger\\n 3. Tap **Update**\\n\\n\\n\\n**Note** : Updates may not be available immediately in all regions.\\n\\n### How to update WhatsApp on iOS\\n\\nTo update WhatsApp on iOS:\\n\\n * Open the App Store\\n * Tap your profile icon\\n * Scroll to find WhatsApp and tap **Update**\\n\\n\\n\\nIf it’s not listed, search for WhatsApp to check if an \\”Update\\” button is available.\\n\\n## Misleading filenames\\n\\nThe second bug, CVE\u20112026\u201123863, affects WhatsApp for Windows before version 2.3000.1032164386.258709. \\n\\nIn this case, WhatsApp did not correctly handle filenames containing embedded NUL bytes. This could allow a file to appear as a harmless type in the interface while actually being treated as an executable when opened. That’s a classic recipe for social engineering: \u201cclick the PDF,\u201d but get an `.exe` file.\\n\\n### How to update WhatsApp for Windows\\n\\nYou can find your WhatsApp for Windows version number by clicking on your profile picture and selecting **Help and feedback**.\\n\\nVersion 2.3000.1038705703.261501\\n\\nIf your version number is earlier than 2.3000.1032164386.258709, update via the Microsoft Store:\\n\\n 1. Click the **Start** menu and search for **Microsoft Store** to open it\\n 2. Click **Library** located at the bottom-left corner\\n 3. Find **WhatsApp Desktop**\\n 4. Click **Get Updates** or **Update**\\n\\n\\n\\nOnce installed, restart the app to apply the changes.\\n\\n### Automatic updates on Windows\\n\\nMy WhatsApp was already up to date because I have automatic updates turned on. Here’s how to turn it on:\\n\\n 1. Click the **Start** menu and search for **Microsoft Store** to open it\\n 2. Select **Profile**(your account picture) \\u003e **Settings**\\n 3. Make sure **App updates** is toggled to **On**\\n\\n\\n\\n* * *\\n\\n**Scammers don’t need to hack you. They just need you to click once.** \\n\\nMalwarebytes Identity Theft Protection catches suspicious activity before it becomes a problem.”,”published”:”2026-05-05T11:39:11″,”modified”:”2026-05-05T11:39:11″,”type”:”malwarebytes”,”title”:”Update WhatsApp now: Two new flaws could expose you to malicious files”,”source”:””,”references”:””,”id”:”MALWAREBYTES:544DB1D8FAB8646C12DB39FBFE087BDE”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2026-23863″,”CVE-2026-23866″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:6.5,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:H\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2026\/05\/update-whatsapp-now-two-new-flaws-could-expose-you-to-malicious-files”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-05-05T14:13:17″,”description”:”Meta has published a new security advisory for messaging app WhatsApp, announcing patches for two vulnerabilities.\\n\\nWhatsApp has fixed two security flaws that could be abused…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,26,12,115,21,13,7,11,5],"class_list":["post-51485","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-65","tag-exploit","tag-malwarebytes","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n