[ad_1]
Facebook fixed a security flaw in its Messenger platform app for Android that allowed attackers to spy on users without their knowledge. The vulnerability was discovered by Natalie Silvanovi, a security researcher with Google’s Project Zero security team. In a Twitter post, Silvanovi قالت said Facebook gave him $ 60,000 as a reward for reporting the issue.
Platform update
A Google researcher reported the issue to Facebook last month and the company fixed it through a server-side update to the Messenger platform. She explained: The vulnerability exists in the way the WebRTC protocol is applied, which the Messenger platform application uses to make voice and video calls.
Facebook, which also donated $ 60,000 to GiveWell, said: The Silvanovi Prize is one of our three highest prizes of $ 60,000, reflecting its maximum potential impact.
Previous vulnerabilities
In previous years, Silvanovic has also encountered similar issues with other instant messaging applications, which is one of his areas of expertise. In October 2018, he discovered a bug in the Android and iOS WhatsApp app that would allow attackers to take control of the app, after the user answered a video call. In July 2019, the researcher discovered four non-interactive errors in the iMessage app and in the same month, she discovered a fifth iMessage bug that could have been used to sabotage iPhones.
[ad_2]
Source link
