WhatsApp Patches Two Vulnerabilities Affecting Media Handling
Meta has patched two vulnerabilities in WhatsApp that could be used to manipulate media handling and facilitate social engineering attacks.
Meta has released a security advisory for WhatsApp, addressing two vulnerabilities that could be exploited to interfere with how media and attachments are handled on user devices. The vulnerabilities, including CVE-2026-23866, do not automatically infect devices but could be chained with other exploits to facilitate more serious attacks.
The first vulnerability, CVE-2026-23866, affects the processing of AI-generated "rich response messages" that embed Instagram Reels on both iOS and Android platforms. These flaws lower the barrier for social engineering attacks, potentially allowing attackers to deliver malicious files or content to unsuspecting users.
There is currently no evidence that these vulnerabilities have been exploited in the wild. WhatsApp users are strongly encouraged to update their applications to the latest version immediately to ensure they have the latest security patches. [Malwarebytes Labs]