Facebook Pays $60,000 for Vulnerability in Messenger for Android
2020-11-20 11:48

Facebook this week addressed a vulnerability in Facebook Messenger for Android that could have allowed an attacker to connect to an audio call without user interaction.

To reproduce the issue, both the attacker and the receiver need to be logged into Facebook Messenger on their devices.

The target also needs to be logged into Facebook in a browser with the same account, which "will guarantee call set-up uses the delayed calls to setLocalDescription strategy," the researcher explains.

The code was tested on Facebook Messenger for Android version 284.0.0.16.119.

Silvanovich reported the vulnerability to Facebook in early October, and a patch was released on November 17.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/MddYn6wE2O0/facebook-pays-60000-vulnerability-messenger-android

Related vendor

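Vulnerabilities in the last 12 months:

| Vendor | # Products | Low | Medium | High | Critical | Total vulns |
|---|---|---|---|---|---|---|
| Facebook | 30 | 2 | 44 | 52 | 19 | 117 |
| Android | 4 | 0 | 17 | 2 | 0 | 19 |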