Main Vulnerability Database Vulnerabilities #VU49849

#VU49849 Race condition in Facebook Messenger

Published: January 20, 2021

Vulnerability identifier: #VU49849

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-362

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Facebook Messenger

Software vendor:
Google

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a race condition within the way the mobile application implements WebRTC features for voice and video communications. A remote attacker can send specially crafted SDP messages to the affected device while the victim is trying to make a voice or video call and intercept video and audio fragments from the victim's phone before the call is accepted by the callee.

Remediation

Install updates from vendor's website.

External links

https://www.bleepingcomputer.com/news/security/bugs-in-signal-facebook-google-chat-apps-let-attackers-spy-on-users/

#VU49849 Race condition in Facebook Messenger

Description

Remediation

External links

Please verify you're human