Natalie Silvanovich, a researcher at Google Project Zero, told about bugs in the Signal, Google Duo, Facebook Messenger, JioChat and Mocha messaging apps. If successfully exploited, these vulnerabilities made it possible to transfer audio and video data from the victim's device to the attacker's device, without the need of gaining the code execution.

To date, the developers of messaging apps have already released updates that fix the flaws described by Silvanovich.

For example, with the help of Google Duo bug was possible to leak video packets (the developers fixed the flaw in December 2020), and the Facebook Messenger flaw allowed audio calls connect before the user picks up the phone (fixed in November 2020).

Silvanovich found similar security issues in JioChat and Mocha. It is noteworthy that the researcher tried to find the same vulnerabilities in Telegram and Viber, but these applications have demonstrated a good level of security.

Source: anti-malware.ru