WhatsApp security flaws could expose devices to attacks, warns Cert-In
Cert-In has warned WhatsApp users about multiple security flaws that could allow attackers to execute malicious code and gain unauthorised access on affected devices
Aashish Kumar Shrivastava, New Delhi
India’s Computer Emergency Response Team (Cert-In) has issued a vulnerability note, warning users about multiple security flaws in WhatsApp that could expose devices to serious risks, including unauthorised access and potential system compromise. The advisory highlights that attackers could exploit these vulnerabilities by sending specially crafted attachments. According to Cert-In, the issue affects WhatsApp users on iOS, Android, and Windows platforms, with certain versions identified as vulnerable. The agency has categorised the severity as medium, but noted that the potential impact could still be significant if exploited.
What is the risk for users
Cert-In said the vulnerabilities could allow attackers to spoof file types, execute arbitrary code, and bypass security protections on affected devices. In simpler terms, this means a malicious file could appear harmless but carry hidden code that runs once opened.
The advisory also warns of risks such as full system compromise and unauthorised access, depending on how the vulnerabilities are exploited. In some cases, attackers could trick the app into loading malicious content from external sources controlled by them.
How the attack works
The issue stems from weaknesses in how WhatsApp handles certain types of files and messages. Cert-In noted that improper handling of attachment filenames and incomplete validation of messages containing external media links create an opening for attackers.
By sending specially crafted attachments, an attacker can manipulate how the app processes files, potentially triggering malicious actions without the user realising the risk.
Who is affected
The vulnerabilities impact multiple versions of WhatsApp across platforms, including:
- WhatsApp for iOS (v2.25.8.0 to v2.26.15.72)
- WhatsApp for Android (v2.25.8.0 to v2.26.7.10)
- WhatsApp for Windows (versions prior to v2.3000.1032164386.258709)
Cert-In has said end users running these versions can be affected.
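For administrators who track installed app versions, the ranges listed above can be checked mechanically. The Python below is an added example, not part of Cert-In's advisory or WhatsApp's code; the function names and inventory rows are constructed for illustration. Versions are compared numerically, because a plain string comparison would misorder values such as 2.26.9.1 and 2.26.15.72.

```python
# Added example: flag installs that fall inside the version ranges listed in the article.

def parse_version(text):
    """Turn 'v2.25.8.0' or '2.25.8.0' into a tuple of ints, padded to four parts."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))

# (low, high, high_inclusive); low=None means "every version prior to high".
AFFECTED = {
    "ios": (parse_version("2.25.8.0"), parse_version("2.26.15.72"), True),
    "android": (parse_version("2.25.8.0"), parse_version("2.26.7.10"), True),
    "windows": (None, parse_version("2.3000.1032164386.258709"), False),
}

def is_affected(platform, version):
    """True if the version lies in the range the article lists for the platform."""
    low, high, high_inclusive = AFFECTED[platform.lower()]
    v = parse_version(version)
    if low is not None and v < low:
        return False
    return v <= high if high_inclusive else v < high

def audit(inventory):
    """Return (affected, needs_review) lists of device names."""
    affected, needs_review = [], []
    for device, platform, version in inventory:
        try:
            if is_affected(platform, version):
                affected.append(device)
        except (KeyError, ValueError):
            # Unknown platform or malformed version: check by hand, never assume safe.
            needs_review.append(device)
    return affected, needs_review

# Constructed sample inventory (hypothetical device names and versions).
SAMPLE_INVENTORY = [
    ("phone-01", "iOS", "2.26.9.1"),        # affected; a string compare would miss it
    ("phone-02", "Android", "2.26.7.11"),   # just past the listed upper bound
    ("phone-03", "Android", "v2.25.10.3"),  # affected; 10 > 8 numerically
    ("pc-01", "Windows", "2.3000.1032164386.258709"),  # boundary, not "prior to"
    ("pc-02", "Windows", "2.2587.9.0"),     # prior to the listed Windows version
    ("tab-01", "Android", "2.26.x"),        # malformed, goes to manual review
]

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```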
What users should do
Cert-In has advised users to update WhatsApp to the latest available version to reduce the risk. Installing updates ensures that known vulnerabilities are patched and security protections are strengthened.
The agency emphasised that timely updates remain one of the most effective ways for users to protect their devices against such threats.
Why this matters
With WhatsApp being one of the most widely used messaging platforms, vulnerabilities like these can potentially affect a large number of users. Even though the severity rating is classified as medium, the ability to execute code or bypass protections makes the issue important for users to take seriously.
Cert-In’s advisory highlights the growing need for users to stay updated and cautious, especially when dealing with unexpected attachments or links received on messaging platforms.