A security flaw in a popular video calling software development kit could have allowed an attacker to spy on ongoing private video and audio calls. McAfee disclosed the flaw to Agora.io on April 20, 2020, following which the company released a new SDK on December 17, 2020. The security weakness could have been leveraged by bad actors to launch man-in-the-middle attacks and intercept communications between two parties. There’s no evidence that the vulnerability was exploited in the wild, but the development underscores the need for securing applications to safeguard user privacy.
Source: https://thehackernews.com/2021/02/agora-sdk-bug-left-several-video.html