Vulnerabilities found in multiple video conferencing mobile applications allowed attackers to listen to users’ surroundings without permission before the person on the other end picked up the calls.
The logic bugs were found by Google Project Zero security researcher Natalie Silvanovich in the Signal, Google Duo, Facebook Messenger, JioChat, and Mocha messaging apps and are now all fixed.
However, before being patched, they made it possible to force targeted devices to transmit audio to the attackers’ devices without the need of gaining code execution.
Read more…
Source: Bleeping Computer