Facebook built WhatsApp on an Electron framework that makes it easier to deliver multi-platform apps based on web technology. As Ars Technica explained, though, Electron isn’t secure if an app is based on an outdated web engine.

The flaws affect WhatsApp’s desktop software from version 0.3.9309 and earlier, as well as people who paired the app with WhatsApp’s iOS editions before 2.20.10. You’re probably safe if you downloaded the app recently or have been vigilant about staying current. This is mainly a reminder that web-based apps aren’t automatically safe, and that secure messaging is only truly secure if you’re on top of upgrades.