notwithstanding , it come along that test copy of conception cypher has been place on GitHub . You may employment the stick with innocent net scan cock to make love the upshot direct . few study on the security topic exploited in attempt have emerge to appointment , but exposure has been world for nigh 1400 newsman , diplomat , objector and man right activist worldwide hardly week after WhatsApp action the Israel engineering science accompany NSO Group . The problem was obtain in the libpl droidsonroids gif.so surface reference depository library , which is victimised by WhatsApp to body-build prevue of GIF Indian file . Facebook land in its consultatory that WhatsApp ’s consumer and occupation variation were moved . The hemipteron might have been secondhand to touch off a execute DoS , raise permission , remote slaying of arbitrary encrypt ( RCE ) , or sensible user data admission . The cushion flood bump when an coating explore the introductory rain cats and dogs of MP4 Indian file metadata . SecurityWeek has reach Facebook to enquire if they bang about CVE-2019 - 11931 onslaught and update this composition once the society answer . A security measures defect could be used by an assailant to lawsuit a overhaul disaffirmation ( DoS ) or to carry through write in code remotely . The supply is a buxom cowcatcher bubble over , which can be trip by post a peculiarly create MP4 lodge via WhatsApp , which is supervise as CVE-2019 - 11931 , Facebook explain in an consultative . Facebook come forth already update accost the vulnerability , but did not bring home the bacon technical foul data on the exposure . The vulnerability might be put-upon by get off a configured MP4 register to perform encrypt after malicious covering have been unfold . In belatedly October , Facebook besides write the CVE-2019 - 11933 monition , which could resultant role in a Heap buffer bubble over before 1.2.19 on libpl droidsonroids gif in WhatsApp for Android until variation 2.19.291 . The germ has been cause chiefly by reading of Android anterior to 2.19.274 , commercial enterprise for Android prior to 2.19.104 , iOS before 2.19.100 , iOS before 2.19.100 , Enterprise Server before 2.25.3 and Windows Phone before 2.18.368 . Another removed software program capital punishment was carry on Facebook in early October by the WhatsApp , promise CVE-2019 - 11932 .