Meta has found a critical bug in a widely used version of WhatsApp that could lead to cyber criminals gaining access to people’s devices without them realising what’s going on.

As reported by Cyber Security News, the bug affects every version of the official WhatsApp for Windows app up to but not including version 2.2450.6, so if you use WhatsApp on your desktop PC or laptop connected to your iPhone or Android phone, it’s best to check which version you’re running and update to the latest available

WhatsApp for Windows is downloadable from WhatsApp’s website or from the official Microsoft Windows Store on Windows 10 and Windows 11 computers. It allows anyone with a WhatsApp account to mirror their WhatsApp account from their smartphone so they can view all their chats and use WhatsApp on a larger screen.

“A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension,” an official advisory from WhatsApp owner Meta said.

“A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp.”

Translated, an arbitrary code attack can give bad actors access to devices remotely, in this case by sending an attachment or even what appears to be a simple image file in WhatsApp to you which, when opened, could set up access to your private files or data.

WhatsApp is attached to your phone number, which means it must be associated with an iPhone or Android phone running the app. Unlike Facebook Messenger, you can’t log in to multiple accounts technically, instead if you want to use WhatsApp on another phone or computer you need to use WhatsApp’s official linking option that mirrors the app on a companion device.

This is possible to do through the WhatsApp Web website, but there is also an official Windows app that can be preferred as it appears in the Windows tool bar so when you’re logged onto your laptop it exists as a siloed app rather than a browser tab.

You stay logged in, which means you can reply to messages easily if you are working from your computer rather than having to keep picking up your phone. But as this warning goes to show, these lesser used versions of WhatsApp are being studied by criminals in attempts to find weaknesses.

It’s good that this particular bug has been spotted but it’s a stark reminder that it’s always best to keep your smartphone and PC apps up to date. You can turn on automatic updates on iOS, Android, Windows and Mac to ensure you are always running the latest version of WhatsApp and every other app on your devices.

Though it appears this vulnerability was not exploited publicly, now that knowledge of it is out there you could be at risk, so head to your PC now to check you’re on the newest version of WhatsApp for Windows.