So, where is the proof for this attack claim? And I don't mean articles which only make assumptions themselves. Taking into account how large the user base of WhatsApp is, such an open attack vector would be a major issue. Nonetheless, I don't see such a hot topic in malware or intrusion research circles.
There have been a lot of vulnerabilities in media frameworks of mobile devices, yes, and once something like this is recognized, it's usually quickly fixed because of widespread use of such media framework components and thus possible attacks if vulnerabilities are left unfixed.
You are right to be doubtful about claims of widespread easy attacks on WhatsApp as such big problem would be widely known in cybersecurity world and quickly fixed. While there are not usually open ways for just anyone to attack WhatsApp there have been highly targeted attacks like those using sophisticated spy software which are quickly patched by WhatsApp. Also like any software WhatsApp can have flaws in its parts but these are usually found and fixed fast. Main difference is between general way to attack and specific hard to find flaw that is used for very targeted attacks.
