The special thing about these flaws is that they do not hack the phone directly, but make the path easier for attackers. That is, if some trick was already being used to trap a user, then these bugs could have made that attack more dangerous. This is the reason why cyber security experts are considering them serious and are advising users to be cautious.
How did the AI message bug become a threat?
The first flaw was revealed as CVE 2026 23866, which was related to the feature of WhatsApp in which content like Instagram Reels is embedded through AI based rich response messages. This feature was introduced to improve the user experience, but in some versions its testing process was not completely secure.
Taking advantage of this weakness, an attacker could send a specially crafted message. When the user opened that message, the app could load media from an unknown and attacker-controlled link. In some cases, it could also trigger system level features of the phone, causing the user to be redirected to external content without their knowledge.
Attachment Trick for Windows Users
The second flaw was CVE 2026 23863, which was found in the Windows version of WhatsApp. This was a problem related to attachment spoofing, which seems simple but its impact could be quite serious.
In this, the attacker could create a file that looks like a normal document or image, but in reality it is an executable file. As soon as the user opened it, that file could start working in its original form. Such attacks are usually used to trick users into running dangerous software.
no major damage yet
The company has clarified that so far no concrete evidence of misuse of these two flaws has been found. That means they have not been seen being used on a large scale. Still, experts believe that such bugs should not be taken lightly, because they can cause huge damage when combined with other cyber attacks.
This is why it was necessary to fix these flaws in time and Meta has patched it quickly. It has also come to light that information about these bugs was given to the company by external researchers, after which they were fixed.
What precautions should users take
In such cases, the most important step is that the user always keeps his app updated, because security patches are available only in the new version. Apart from this, one should avoid opening any unknown link, file or attachment without thinking, especially if it comes from an unknown number.
Discover more from News Link360
Subscribe to get the latest posts sent to your email.
