A WhatsApp bug lets malicious media files spread through group chats
15 hours ago
- #Privacy
- #Security
- WhatsApp's reputation has declined since Meta's acquisition, shifting from a trusted messenger to a grudgingly necessary product.
- Privacy-conscious users still consider WhatsApp secure if settings are locked down, but many distrust Meta's ecosystem.
- Google's Project Zero disclosed a WhatsApp vulnerability involving zero-click media downloads in group chats, posing a security risk.
- A malicious media file in a newly created group chat can automatically download and serve as an attack vector.
- The vulnerability affects Android users, requiring attackers to know or guess at least one contact for targeted campaigns.
- Meta is sued by an international group, alleging WhatsApp can access private communications despite end-to-end encryption claims.
- Meta pushed a partial server fix on November 11, 2025, and is working on a comprehensive solution.
- Google advises disabling Automatic Download or enabling Advanced Privacy Mode to prevent auto-downloading malicious media.
- Steps to secure WhatsApp include turning off auto-download, restricting group additions, and enabling two-step verification.
- Keeping WhatsApp updated is crucial for security, as with any app or Android system.