A double-free bug could allow an attacker to achieve remote code execution; users are encouraged to update to a patched version of the messaging app.