Vulnerabilities found in video conferencing mobile applications allowed attackers to listen to users’ surroundings without permission before the person on the other end picked up the calls. The logic bugs were found by Google Project Zero security researcher Natalie Silvanovich in the Signal, Google Duo, Facebook Messenger, JioChat, and Mocha messaging apps. The bugs are now all fixed, but before being patched, they made it possible to force targeted devices to transmit audio to attackers’ devices without the need of gaining code execution.
Source: https://www.bleepingcomputer.com/news/security/bugs-in-signal-facebook-google-chat-apps-let-attackers-spy-on-users/