Facebook fixed a dangerous flaw in the Android version of Facebook Messenger which gave attackers the ability to spy on users and potentially identify their surroundings without them knowing.
In a normal scenario, audio from the person making the call would not be transmitted until the person on the other end accepts the call clicking the accept button. But the recently patched vulnerability of Facebook Messenger for Android stipulated that SdpUpdate message could cause audio call to connect before callee has answered the call.
Natalie Silvanovich, the security researcher at Google Project Zero who discovered this vulnerability, explained:
“However, there is a message type that is not used for call set-up, SdpUpdate, that causes setLocalDescription to be called immediately,” she explained. “If this message is sent to the callee device while it is ringing, it will cause it to start transmitting audio immediately, which could allow an attacker to monitor the callee’s surroundings.”
Check the source.
Read More
- Explosive Phishing Attack Targets Financial CompaniesResearchers warn about a new phishing attack targetting employees in financial services, using a poisoned Excel file. This Phishing […]
- BEC Scams: New Unit 42 Report Reveals Concerning FiguresPalo Alto’s Unit 42 just dropped a new report on BEC scams – business email compromise is one of […]
- This Phishing Scam Is After Your Microsoft 365 Account PasswordsA newly discovered phishing scam called TodayZoo sends out URLs to spoofed Microsoft 365 login pages. The Phishing Scam […]
- Massive Account-Stealing Phishing Scam Targeting YouTube CreatorsGoogle discovered an extensive cookie-swiping phishing scam targeting YouTube content providers and stealing accounts. A new report from the […]
- $5.2B In Bitcoin Ransomware Transactions Paid in First Half of ’21, New Report RevealsA new report shows that organizations paid a staggering $5.2B in Bitcoin in 2021 H1 to cybercriminals. Additionally, ransomware […]
