The vulnerability was discovered in July by the Indian security firm XY Sec. The firm s founders, Aditya Gupta and Subho Halder told Bloomberg that Facebook must have considered the bugs serious because they paid XY Sec five times the typical $500 bug bounty price. A Facebook spokesperson, Fred Wolens, told Bloomberg it appeared as if the vulnerability had not been exploited and that no users were impacted by it. It’s not clear why the network’s security team took five months to fix the troubling bug.
Source: https://threatpost.com/facebook-patches-webcam-snooping-vulnerability-123112/77355/