Dangerous WhatsApp bug on Windows let hackers run malicious code

In context: WhatsApp is one of the most popular communication platforms of all time with around three billion users worldwide. This means that even the slightest security flaw in the app could pose a serious risk to lots of people. Meta recently updated the Microsoft Store version of its WhatsApp app to patch a potentially dangerous security vulnerability discovered by external researchers. According to WhatsApp's security advisory, the flaw could have been exploited to run malicious code on a PC, affecting versions of WhatsApp for Windows prior to 2.2450.6. The issue, tracked as CVE-2025-30401, stemmed from how the Windows app handled file attachments. Specifically, WhatsApp relied on the file extension to determine how to open an attachment. Unlike MIME types, file extensions can be misleading, potentially tricking users into executing arbitrary, malicious code when opening a file within WhatsApp. A carefully crafted mismatch between an attachment's file extension and its MIME typ ... Read full article.