AppleInsider: WhatsApp client flaw allows hackers to read files stored on any device.
"Stemming from research about a security flaw found in 2017 where an attacker could change the text of a person's reply within WhatsApp, work by security researcher Gal Weizman of Perimeter X uncovered a number of other security issues. Depending on the particular flaw, Weizman was capable of performing persistent cross-site scripting (XSS) within WhatsApp, as well as being able to read the local file system of a recipient by sending a single message."