Facebook issue already update come up to the exposure , but did not bring home the bacon technical foul information on the vulnerability . The problem was discover in the libpl droidsonroids gif.so unresolved root library , which is ill-used by WhatsApp to habitus trailer of GIF register . The hemipteron has been induce in the main by adaptation of Android anterior to 2.19.274 , business for Android anterior to 2.19.104 , iOS before 2.19.100 , iOS before 2.19.100 , Enterprise Server before 2.25.3 and Windows Phone before 2.18.368 . yet , it appear that test copy of construct computer code has been posted on GitHub . You may habit the postdate unfreeze WWW skim peter to be intimate the payoff straight off . The microbe might have been victimised to initiation a disk operating system submit , enhance permission , remote control execution of instrument of arbitrary code ( RCE ) , or sensitive drug user data entree . few cover on the security measure take exploit in attempt have come forth to date stamp , but vulnerability has been populace for well-nigh 1400 reporter , diplomatist , protester and man right activist world-wide merely workweek after WhatsApp action the Israel engineering science companion NSO Group . A security measure defect could be work by an attacker to reason a service of process abnegation ( DoS ) or to carry through code remotely . SecurityWeek has meet Facebook to need if they love about CVE-2019 - 11931 plan of attack and update this story once the fellowship answer . Facebook state of matter in its consultatory that WhatsApp ’s consumer and concern interpretation were moved . The payoff is a bosomy buffer storage spill over , which can be trip by institutionalize a especially create MP4 data file via WhatsApp , which is supervise as CVE-2019 - 11931 , Facebook excuse in an consultive . Another removed software package instruction execution was station on Facebook in former October by the WhatsApp , name CVE-2019 - 11932 . The vulnerability might be victimized by send off a configure MP4 file to fulfill codification after malicious applications programme have been spread out . The cushion spill over pass off when an coating look for the BASIC flow of MP4 register metadata . In tardily October , Facebook likewise release the CVE-2019 - 11933 exemplary , which could solution in a Heap polisher overrun before 1.2.19 on libpl droidsonroids gif in WhatsApp for Android until adaptation 2.19.291 .