Particle.news

WhatsApp Fixes Critical Windows Vulnerability Allowing Malicious Code Execution

Users urged to update to version 2.2450.6 after a spoofing flaw was discovered in attachment handling, posing significant security risks.


Overview

  • A vulnerability in WhatsApp for Windows Desktop, identified as CVE-2025-30401, allowed attackers to execute arbitrary code via spoofed attachments.
  • The flaw stemmed from a mismatch in attachment handling: attachments were displayed according to their MIME type, but opening them was governed by the file extension, creating potential for malicious code execution.
  • Exploitation required user interaction, with attackers relying on victims to manually open maliciously crafted attachments.
  • Meta has patched the issue in WhatsApp version 2.2450.6 following its discovery through the company's Bug Bounty program by an external researcher.
  • Security experts emphasize the importance of updating to the latest version and caution against opening suspicious attachments, even from trusted contacts.
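
As a defensive illustration of the MIME-versus-extension mismatch described in the overview, the following added example (not WhatsApp's or Meta's code) flags attachments whose declared MIME type disagrees with the extension that would decide how the file is opened. The extension set, the MIME table, the function names and the sample inputs are all assumptions constructed for this sketch.

```python
import os

# Assumed, non-exhaustive set of extensions that Windows runs as programs or scripts.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".msi",
                   ".js", ".vbs", ".ps1", ".hta", ".lnk"}

# Constructed table: declared MIME type -> extensions consistent with it.
MIME_EXTS = {
    "image/jpeg": {".jpg", ".jpeg"},
    "image/png": {".png"},
    "video/mp4": {".mp4"},
    "application/pdf": {".pdf"},
    "text/plain": {".txt"},
}


def final_extension(filename):
    """Extension the OS would use to pick a handler (the last one)."""
    # Windows ignores trailing dots and spaces in file names.
    name = filename.rstrip(". ")
    return os.path.splitext(name)[1].lower()


def check_attachment(declared_mime, filename):
    """Compare what the preview claims (MIME) with what opening would run."""
    mime = declared_mime.split(";")[0].strip().lower()
    ext = final_extension(filename)
    expected = MIME_EXTS.get(mime)
    if expected is not None and ext in expected:
        return "ok"
    if ext in EXECUTABLE_EXTS:
        # Shown as a known benign type but opened as a program: the mismatch.
        return "block" if expected is not None else "warn"
    if expected is not None:
        return "warn"      # preview type and handler disagree
    return "unknown"       # MIME not in the table, nothing to compare


if __name__ == "__main__":
    samples = [  # constructed
        ("image/jpeg", "holiday.jpg"),
        ("image/jpeg", "holiday.jpg.exe"),
        ("image/png", "chart.pdf"),
        ("application/octet-stream", "setup.exe"),
    ]
    for mime, name in samples:
        print(f"{check_attachment(mime, name):8} {mime:26} {name}")
```

A mail or messaging gateway could apply the same comparison before delivery; the tables here would need to be replaced with an organisation's own policy.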