Overview
- Meta confirmed a high‑risk WhatsApp vulnerability to EU authorities and released app updates in the Apple App Store and Google Play.
- Attackers can run code by sending a crafted image that WhatsApp processes automatically, requiring no tap or image view by the user.
- Apple addressed related issues on iOS and macOS earlier in September, while Samsung is distributing fixes via One UI and September security updates.
- Security reporting notes active exploitation in the wild, with the flaw tied to an external image-processing library also used by other apps.
- Users are urged to update WhatsApp and their device OS, review and remove unknown linked devices, enable two-step verification, and avoid unsolicited files or links.