being friends on Facebook),” says Facebook. “To exploit this issue, an attacker would have to already have the permissions to call this particular person by passing certain eligibility checks (e.g. Fortunately, some conditions had to be met for the vulnerability to be exploited. It was also possible to send a custom message by using some reverse-engineering tools. In this case, attackers could have received audio data until the recipient of the call answered or the call timed out. Vulnerabilities that don’t require any interaction from the victim are the most dangerous. The severity of the bug prompted Facebook to award one of the largest bounties ever. A Google Zero security researcher discovered a Facebook Messenger bug that allowed attackers to initiate a call and begin listening as soon as it started ringing.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |