WhatsApp has disclosed two vulnerabilities that they have patched.

WhatsApp disclosed two medium‑impact vulnerabilities that were patched earlier this year through its bug bounty program. The first flaw allowed attackers to spoof file attachments by embedding NUL bytes so a malicious executable appeared harmless. The second stemmed from incomplete validation of AI rich responses, enabling attackers to trigger arbitrary URL scheme handlers on a victim’s device. WhatsApp reports no evidence of exploitation in the wild.

Read more:

https://www.securityweek.com/whatsapp-discloses-file-spoofing-arbitrary-url-scheme-vulnerabilities/