A WhatsApp bug lets malicious media files spread through group chats
Summary
Project Zero disclosed a WhatsApp Android zero-click media download vulnerability that can be exploited when a user is added to a group and a malicious media file is sent. The article provides practical mitigations including disabling auto-download, preventing media from saving to the gallery, restricting group additions, and enabling two-step verification, along with notes on ongoing fixes and broader privacy concerns.