Facebook has patched a bug that could have allowed attackers to spy on users. A security researcher at Google Project Zero discovered the bug in the Android version of Facebook Messenger. The bug existed in the app s implementation of WebRTC, a protocol used to make audio and video calls. Facebook has had a bug bounty program since 2011; the company says it’s one of the three highest ever awarded to a researcher who identified the bug. The company says the bug was fixed on Nov. 19; the bug has been fixed server-side.
Source: https://threatpost.com/facebook-messenger-bug-spying-android/161435/