Whitehat hacker says Whatsapp media server (media.whatsapp.com) interface was vulnerable to Traversal local file inclusion. This vulnerability occurs when a page include is not properly sanitized, and allows directory traversal characters to be injected. This allows hacker to gather usernames via an “/etc/passwd” file and also another sensitive files like log files. The vulnerability was reported by Mohammed with proof of conpect to Whatsapp security team on 27th May and was addressed this week.
Source: https://thehackernews.com/2013/06/Hacking-whatsapp-android-application.html