WhatsApp Flaws Can Make Hackers Millions, Leaked Documents Reveal

By: Austin Ukpebor - October 7, 2023 at 07:16:03am

Leaked documents obtained by TechCrunch have shown alarming vulnerabilities within WhatsApp, the world's most popular messaging app. The documents, reportedly leaked from a company specializing in selling exploits to governments and law enforcement agencies, unveil a disturbing reality: hackers have the potential to rake in millions by exploiting security weaknesses in WhatsApp.

With over two billion users globally, WhatsApp has become a lucrative target for malicious actors looking to exploit its vulnerabilities and sell them to the highest bidder. The leaked documents expose a thriving market where a "working exploit chain," a combination of multiple security weaknesses, can fetch up to a staggering $8 million if it can compromise Android and iOS devices.

One startling revelation from the leaked documents is the price tag for specific security flaws. A single zero-click, remote-code-execution flaw for Android was reportedly sold for approximately $1.7 million. This figure underscores the premium placed on vulnerabilities that can provide unauthorized access to WhatsApp accounts.

In response to the ever-present threat of cyberattacks, Apple has issued over a dozen emergency security updates this year to address zero-day vulnerabilities. This underscores the importance of users keeping their devices up to date with the latest security patches to safeguard their information.

WhatsApp's overwhelming popularity has made it an alluring target for hackers, particularly nation-state actors. These malicious entities aim to monitor and spy on the sensitive data and communications of high-profile individuals, including politicians, hacktivists, journalists, dissidents, and others.

According to the leaked document, the exploit targeted Android devices running versions 9 to 11, the latest of which came out in 2020, by exploiting a weakness in the library that handles image rendering. WhatsApp patched three image-related vulnerabilities in 2020 and 2021: CVE-2020-1890, CVE-2020-1910 and CVE-2021-24041. It is unclear whether these fixes addressed the same issues that the exploits sold in 2021 relied on.

The infamous Pegasus spyware is also mentioned in the leaked documents. This highly sophisticated tool is designed to exploit vulnerabilities like those found in WhatsApp. Pegasus can access a wide range of data on a target device, including messages, images, location data, sounds, and photos.

A WhatsApp spokesman declined to comment.