Facebook has fixed a bug in the Messenger app for Android that allowed a remote attacker to call anyone
The vulnerability could give an attacker who entered theapplication, the ability to simultaneously call and send a special message to the target. This provoked a scenario in which the caller will gain access to the microphone until the subscription answers or until the call timed out.
Facebook security manager Dan Gurfinkel noted that they've already fixed the bug. However, they have no data on how many hackers took advantage of the vulnerability.
Messengers have become the most popular applications in Russia
According to Silvanovich's technical note,The flaw lay in WebRTC's Session Description Protocol (SDP), which defines a standardized format for exchanging streaming media between two endpoints. It allows an attacker to send a special type of message known as an "SdpUpdate" that will force a connection to the caller's device before they answer the call.
This vulnerability has been compared to a bug thatfound in Apple's FaceTime group chats last year. It allowed users to initiate a FaceTime video call and eavesdrop on their interlocutors. The company noted that they have fixed this error.
Read also
A meteorite fell on an Indonesian house. Its owner became a millionaire
Neurons in the human brain and the network of galaxies are similar
Due to plate movement, the Pacific Ocean floor is now deep under China