WhatsApp users are advised to review their settings and ensure they have the latest version of the app installed due to two identified software vulnerabilities. Security analysts have disclosed concerns regarding the handling of media files and attachments within the messaging platform, along with a specific threat to WhatsApp for Windows users.
Although these vulnerabilities do not automatically infect devices, experts caution that they could facilitate social engineering attacks by cybercriminals or be combined with other weaknesses to pose more severe risks. Malwarebytes researchers highlighted the potential for a malicious message to deceive a device into opening content from an untrusted source.
The security flaws, known as CVE-2026-23866 and CVE-2026-23863, were uncovered through Meta’s Bug Bounty program. While there is currently no evidence of real-world exploitation or device infections, WhatsApp reassured users that they have not observed any such incidents.
In response, the Meta-owned company has issued an update and strongly recommends users to verify their settings for added security. Users are urged to ensure that WhatsApp is fully updated on their devices to stay protected.
For Android users, the update process involves accessing the Google Play Store, searching for WhatsApp Messenger, and selecting the “Update” option. iPhone users can update WhatsApp by opening the App Store, navigating to their profile icon, selecting WhatsApp, and clicking “Update.”
Following the update installation, devices will be safeguarded against potential future attacks. This warning coincides with news that some older Android devices may lose access to WhatsApp soon. WhatsApp intends to discontinue support for devices running versions older than Android 6 starting on September 8, 2026, according to WABetaInfo. Affected users may receive a notification indicating that WhatsApp will no longer function on their device later this year.
Most individuals are unlikely to be impacted by this change, as Android 6 was released in 2015 and is now uncommon on modern smartphones.