Researcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t Patch
SecurityWeek · Archived Mar 18, 2026
Meta does not plan on fixing the vulnerability because it involves the use of a modified client application.
A researcher has discovered another method to bypass WhatsApp’s View Once feature, but Meta does not plan to patch it because it involves a modified client application.
The View Once feature enables users to send photos, videos or voice messages that disappear from the chat after they have been viewed by the recipient. In addition, View Once is designed to prevent users from saving, forwarding, or taking screenshots of the content before it disappears.
Tal Be’ery, a reputable researcher and co-founder and CTO of the Zengo cryptocurrency wallet, has found several ways to bypass View Once over the past couple of years, demonstrating how someone could download the file sent via View Once before it vanishes.
Zengo issued a warning in September 2024 after discovering that a bypass reported at the time had been exploited in the wild.
The latest View Once bypass method is the fourth uncovered by Be’ery. The researcher told SecurityWeek that all previously discovered bypass vulnerabilities were eventually patched by WhatsApp developers, and that he received a bug bounty for one of them.
Be’ery has demonstrated the latest method for SecurityWeek and on Wednesday he published a blog post explaining his findings, without sharing technical details to prevent malicious exploitation. The researcher has also shared a video showing the exploit in action.
The exploit involves the use of a modified WhatsApp client. Be’ery pointed out that an attacker could also leverage a browser extension and WhatsApp Web for mass exploitation.
WhatsApp owner Meta has been informed about the vulnerability, but the company indicated it would not patch it. The vendor informed the researcher that the issue falls outside of its security model and is not covered by its bug bounty program, arguing that it’s difficult to completely prevent a user from capturing content sent via View Once, as they can use another phone to take photos or videos of the content, or use a modified WhatsApp client.
Be’ery is displeased that Meta has — in his view — not been consistent in assessing such vulnerabilities, arguing that previously reported issues all involved modified clients and were all patched.
As a solution to View Once bypass methods, the researcher proposes implementing a digital rights management (DRM) system.
“Similar to Netflix, WhatsApp needs to make sure View Once media is not digitally abused by attackers trying to redistribute it and explicitly scope out analog recording as outside its threat model,” Be’ery said. “By doing so, WhatsApp can establish a clear delineation between issues that are included within the security model and those that are not, and concentrate its security resources accordingly.”
Meta’s response to the WhatsApp View Once bypass
Contacted by SecurityWeek, Meta clarified that it considers View Once an additional privacy layer that reduces persistence for media files sent between trusted contacts in the official WhatsApp application.
The company noted that the privacy feature is designed for conversations between people who trust each other and — as communicated to users — it should only be used to send content to trusted contacts and should not be viewed as a forensic-grade data deletion tool.
Meta said it continuously hardens View Once in official clients, but client spoofing and modified clients fall outside the scope of its bug bounty program. The company claims it has been consistent in its assessment of View Once security issues in official clients as opposed to attacks involving rogue clients.
The tech giant said it appreciates Be’ery’s continuous contributions, but in the case of the latest View Once issue the report is out of scope due to the involvement of an unofficial client application.
As for the researcher’s suggestion to use DRM, Meta believes it’s not a good fit for a private messenger’s threat model for several reasons, including the fact that DRM relies on a license server that controls who receives decryption keys. In addition, DRM would still allow someone to record the content on a second device, and the DRM system itself can also be hacked.
WRITTEN BY
Eduard Kovacs
Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.