"The vulnerability was a logic bug in the FaceTime calling state machine" - the part of the app that determines whether a call is connected or not - "that could be exercised using only the user interface of the device," Silvanovich wrote. Silvanovich's research into these messenger apps follows on a similar flaw in Apple FaceTime on iOS and macOS that was discovered in January 2019. "This is an area for future work that could reveal additional problems." "I did not look at any group calling features of these applications," she wrote. However, Silvanovich pointed out that she looked only at one-to-one calling functions. In November 2018, she disclosed a similar flaw in the Android and iOS versions of WhatsApp (opens in new tab) that was quickly fixed. Silvanovich wrote that she also examined Telegram and Viber, two other widely used encrypted-messaging apps, but found no issues with calls being connected without the call receiver's knowledge. If you use any of these apps, make sure they're up-to-date. The other four Android apps were patched more recently: JioChat (widely used in India) in July 2020, Mocha (widely used in Vietnam) in August, Facebook Messenger in November and Google Duo in December 2020.
0 kommentar(er)
