By Lucy Caulkett-
WhatsApp, the world’s largest messaging platform used by more than 3 billion people globally, has begun rolling out a new feature and urging users to change a specific setting to protect against a newly discovered vulnerability that could install malware on devices — simply by accepting a group invitation.
Security researchers recently uncovered a flaw allowing zero-click media files — malicious attachments that download automatically — to be sent to unsuspecting users. The attack vector does not require any user interaction: hackers can add victims to a group chat and exploit WhatsApp’s media handling so that the harmful file reaches the device without any tap or click.
AD: Capeesh Restaurant
In response, WhatsApp has introduced a new “Strict Account Settings” option. According to parent company Meta, this lock-down mode forces privacy defaults to their most restrictive levels and blocks attachments, media and calls from numbers not in the user’s contacts. The feature is aimed at giving users — especially those at higher risk of targeted cyberattacks like journalists, activists and public figures — an easier way to harden their accounts against sophisticated threats.
The toggle lives in Settings → Privacy → Advanced, and once switched on, it restricts how unknown senders interact with your account.
WhatsApp and various security outlets are advising users to: enable Strict Account Settings to lock key privacy and security options at the highest levels.
AD: Oysterian Sea Food Restaurant And Bar
They are also being asked to limit automatic media downloads, especially from unknown contacts. and keep the app updated to the latest version to ensure patched vulnerabilities don’t go unaddressed.
These measures are designed to prevent stealthy delivery of harmful code or spyware — a threat that grows as attackers exploit messaging platforms with ever more cunning social engineering and delivery methods.
Echoes of Past Security Flaws
This isn’t the first time WhatsApp has been forced to re-engineer around a dangerous bug. In August 2025, the company patched a zero-click vulnerability in iPhone and Mac versions that had been leveraged for spyware installs on targeted users’ devices. That flaw, designated CVE-2025-43300, was serious enough that both Apple and WhatsApp issued fixes after security teams found it being used in real attacks.
Earlier vulnerabilities have also occasionally prompted warnings. In 2025, security experts flagged issues on the Windows Desktop version of WhatsApp that could have enabled remote code execution simply by opening a tainted file — a risk underlining that even seemingly secure apps remain part of the wider attack surface.
And while not a WhatsApp-specific bug, agencies like the U.S. National Security Agency previously warned iPhone and Android users to turn off outdated messaging protocols like MMS to avoid automatic media processing risks—showing that simple default settings on mobile platforms can unexpectedly expose phones to attack.
Mobile Messaging Security Is Bigger Than WhatsApp
Security researchers say that the broader landscape of mobile messaging is riddled with edge-case vulnerabilities — from protocol design flaws to subtle feature settings that leak information or allow unauthorized access. Past academic work, for example, has pointed out how certain handshake mechanisms and group messaging protocols can expose privacy or security boundaries if not managed properly.
What this all underscores: no platform, not even one with end-to-end encryption by default, is immune to danger. As attackers innovate, so must defensive defaults and user awareness.
Bottom Line for Users
WhatsApp’s newest setting gives users a quick way to flip privacy to its strictest posture — a welcome improvement for those who don’t want to manually tweak half-a-dozen toggles. But security experts also remind users to:
Keep the app updated.
Avoid opening unexpected media.
Tailor privacy settings to limit unknown contacts.
Watch for official warnings from WhatsApp or their device maker.
In an era where messaging apps are portals into our private lives, knowing where your settings stand isn’t just good practice — it’s essential defence.
Hackers create group chats on the app, and once a user accepts the invitation, the file is sent to their device without them even knowing it.
Malwarebytes adds: “The bug affects WhatsApp on Android and involves zero‑click media downloads in group chats.
“You can be attacked simply by being added to a group and having a malicious file sent to you.”
WhatsApp launches new privacy protection feature
WhatsApp has now launched a new, lockdown-style feature called Strict Account Settings.
If you turn this feature on, it will lock certain account settings on the app to the most restrictive.
WhatsApp explained: “It will limit how your WhatsApp works in some ways, like blocking attachments and media from people not in your contacts.”
To activate, head to settings, click privacy, then advanced. And that’s it, easy as that.
WhatsApp added: “Strict Account Settings is one of many ways we’re working to protect you from the most sophisticated of cyber threats.
“We’ve also rolled out a programming language called Rust behind the scenes to help keep your photos, videos, and messages safe from things like spyware, so you can share and chat with confidence.”
It continued: “At WhatsApp, we think you should be able to have a private conversation online, just like you would in-person.
“We will always defend that right to privacy for everyone.
Another way to prevent unwanted files from being downloaded onto your phone via bugs on WhatsApp is to switch off auto-download (for media), according to Malwarebytes.
To do that, head to settings and click chats, then switch off ‘Media visibility’ (Android) or ‘Save to Photos’ (Apple iOS).
AD: Heritage And Restaurant Lounge Bar