Meta Refuses to Patch WhatsApp’s 4th Vulnerability Exposing View Once Feature

Meta’s View Once Feature Bypassed Again, Company Declines to Patch Vulnerability

A researcher has identified a fourth method to bypass Meta’s View Once feature, which lets users send ephemeral content that disappears after the recipient views it. Meta has declined to patch the vulnerability, saying that it involves a modified client application and falls outside its security model.

The View Once Feature and Its Limitations

The View Once feature is designed to provide an additional layer of privacy for users, but it has been repeatedly bypassed by researchers. The latest method, discovered by Tal Be’ery, co-founder and CTO of Zengo, involves the use of a modified client and could potentially be leveraged by attackers using a browser extension and WebRTC for mass exploitation.

Be’ery has demonstrated the bypass method and published a blog post detailing his findings, but has withheld the technical details to prevent potential exploitation. Meta has been informed of the vulnerability but has indicated that it will not patch it, as it does not consider it a security issue within its bug bounty program.

Meta’s Response and Be’ery’s Proposal

Be’ery has expressed disappointment with Meta’s response, arguing that the company has been inconsistent in its assessment of similar vulnerabilities in the past. He proposes that Meta implement a digital rights management (DRM) system to prevent the misuse of View Once content, similar to the approach used by Netflix.

Meta has clarified that View Once is intended as an additional privacy layer for conversations between trusted contacts, and that it should not be relied upon as a forensic-grade data deletion tool. The company has stated that it continuously hardens the feature in official clients, but that client spoofing and modified clients fall outside the scope of its bug bounty program.

Conclusion

The vulnerability highlights the ongoing challenges in securing ephemeral content and the need for robust security measures to prevent exploitation. As the use of private messaging apps continues to grow, it is essential that companies like Meta prioritize the security and privacy of their users’ data.


