On January 31, after mitigating the security issue server-side, WhatsApp alerted roughly 90 Android users from over two dozen countries, including Italian journalists and activists who were targeted in Paragon spyware attacks using the zero-click exploit. "A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment's filename extension," WhatsApp explained in a Tuesday advisory. More recently, following reports from security researchers at the University of Toronto's Citizen Lab, WhatsApp also patched a zero-click, zero-day security vulnerability that was exploited to install Paragon's Graphite spyware. Court documents revealed that NSO allegedly deployed Pegasus spyware in zero-click attacks that exploited WhatsApp vulnerabilities using multiple zero-day exploits. The documents also said that the spyware maker's developers reverse-engineered WhatsApp's code to create tools that sent malicious messages that installed spyware, violating federal and state laws. Meta warned Windows users to update the WhatsApp messaging app to the latest version to patch a vulnerability that can let attackers execute malicious code on their devices. Last December, a U.S. federal judge also ruled that Israeli spyware maker NSO Group used WhatsApp zero-days to deploy Pegasus spyware on at least 1,400 devices, thus violating U.S. hacking laws. In July 2024, WhatsApp addressed a slightly similar issue that allowed Python and PHP attachments to be executed without warning when recipients opened them on Windows devices with Python installed. Described as a spoofing issue and tracked as CVE-2025-30401, this security flaw can be exploited by attackers by sending maliciously crafted files with altered file types to potential targets.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 08 Apr 2025 16:25:17 +0000