Facebook has quietly patched a vulnerability in WhatsApp messaging platform, which could be exploited to launch remote-code-execution or denial-of-service attacks on victims. Attackers can exploit the flaw merely by sending a video specifically, a specially crafted MP4 file, Facebook has warned. The flaw (CVE-2019-11931) is a buffer overflow, a type of flaw where a region in physical memory storage that can be overwritten is allocated in the heap portion of memory. A WhatsApp spokesperson told Threatpost that there is no evidence of the vulnerability being exploited in the wild.
Source: https://threatpost.com/whatsapp-remote-code-execution-videos/150360/