The critical RCE vulnerability (CVE-2019-2107) resides in the Android media framework, which if exploited, could allow a remote attacker to execute arbitrary code on a targeted device. To gain full control of the device, all an attacker needs to do is tricking the user into playing a specially crafted video file with Android’s native video player application. If such malicious videos are received through an instant messaging app like WhatsApp or Facebook Messenger or uploaded on a service like YouTube or Twitter, the attack won’t work.
Source: https://thehackernews.com/2019/07/android-media-framework-hack.html