Overview
- Google's Project Zero identified a flaw tied to automatic media downloads that allowed malicious files to be delivered through fake group invitations.
- Malwarebytes warns Android users can be attacked simply by being added to a group and advises disabling Media Auto‑Download.
- WhatsApp has released a patch and is rolling out Strict Account Settings, which restricts attachments and media from people not in a user's contacts.
- Security guidance also urges limiting who can add you to groups to reduce the risk of drive‑by media delivery.
- The scope of successful compromises remains unclear, with reports noting potential for arbitrary code execution on targeted devices.