Facebook has patched a bug in its Messenger for Android client, which would have allowed an attacker to listen to the target’s surroundings even without his consent .
To exploit this, both parties have to be friends on Facebook already, and one should initiate a Messenger call to the other. He then sends a customized message to trigger the bug and listen to others before lifting the call.
Google Spots Facebook Messenger Bug
Natalie Silvanovich , a researcher from Google’s Project Zero, has discovered a critical bug in Facebook’s Messenger for Android, which would allow a malicious user to spy on his friend’s surroundings by listening through a Messenger call.
Technical details of the Facebook calling bug https://t.co/wwL9gedW8c — Natalie Silvanovich (@natashenka) November 19, 2020
