"WhatsApp Vulnerability Could Compromise Android Smartphones"

New research has revealed a remote code execution (RCE) flaw in WhatsApp. The flaw could be used to compromise not only the app but also the mobile device the app is running on. The critical issue (CVE-2019-11932) affects users of the Android versions of the app, specifically versions 8.1 and 9.0 although not, apparently, version 8.0 (Apple’s iOS doesn’t appear to be affected). The attack would involve first sending a malicious GIF image using any channel, that is, by email, through a rival messaging app, or directly through WhatsApp itself. If WhatsApp is being used, and the attacker (or hapless intermediary) is on the user’s contacts list as a friend, this GIF would download to the device automatically. The flaw would be triggered when the recipient subsequently opens the WhatsApp Gallery, even if no file is selected or sent. The exploit can give an attacker a full reverse shell, with root and complete access to all the files on that device, its SD card, and what appears to be the WhatsApp message database.

Naked Security reports: "WhatsApp Vulnerability Could Compromise Android Smartphones"

Submitted by Anonymous on