Jump to content
Login new information ×
Login new information
  • Security & Privacy News

    Meta has fixed the WhatsApp security bug discovered by Google

    Karlston

    By Karlston,
    Published Date:

    • 215 views
    • 2 minutes
     Share
    • 215 views
    • 2 minutes

    A couple of days ago, we broke the news that Google's Project Zero security team had exposed a flaw in WhatsApp, following Meta's inability to fix it within 90 days of the issue being privately reported. This was a pretty major issue considering that it could lead to exploitation without any interaction from the victim. Now, Meta has finally patched the bug fully.

     

    Basically, a security hole in WhatsApp allowed attackers to add their victims to groups in a specific manner and then send them media, which would be automatically downloaded to their MediaStore database. Provided that this malicious media attachment was sophisticated enough, it could trigger harmful operations within that database, and perhaps, even escape it. This attack vector is a bit scary, considering that procuring phone numbers of targets is a pretty trivial challenge in today's era, and that the attack could be successful with zero interaction from the target.

     

    After this issue was privately reported to Meta by Google in September 2025 with a 90-day deadline (which is standard in Google Project Zero's policy), the company only delivered a partial fix in November, which led to Project Zero publicly exposing the bug and us reporting on it.

     

    Although we reached out to both Google Project Zero and Meta teams for details, the former declined to comment further, while the latter did not respond at all. Well, the pressure may have worked anyway, because the bug has now been marked as fixed after the security researcher who initially reported this issue updated it with a note that Meta has "successfully landed a comprehensive fix and also found and fixed variants of this issue".

     

    Details of the patch and similar "variants" of the bug are currently unknown, but it's good to see Meta finally resolving the issue, given its severity and potential for exploitation.

     

    Source

    Hope you enjoyed this news post. Feedback welcome.

    Posted Friday 30 January 2026 at 3:51 am AEST (my time).

    News posts... 2023: 5,800+ | 2024: 5,700+ | 2025: 5,700+

    RIP Matrix

     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...