As with all ads, especially M$ ones…
No Code, Don’t Care

At least if the code was available, I would find out what they mean by “spoofed Mime” and how that attack vector works (Is the actual file “magic” header spoofed, but the file still manages to get parsed with its non-“spoofed” actual format none the less?!, How?).

Also, I would have figured out if this is a new use of “at scale” applied to purely client code, or if a service is actually involved.

Sort of cool from an engineering standpoint, but realistically the best layer of security for WhatsApp is to not use it. Meta is a security vulnerability.