In this blog post, I'm going to share about a double vulnerability I discovered on WhatsApp for Android, and how it turned it into RCE. I reported this to Facebook. Facebook officially recognized and corrected WhatsApp version 2.19.244. Facebook CVE-2019-11932 is reserved for this issue.
The steps are as follows:
0:16 Attacker sends the GIF file to the user via any channels