[ad_1]
Then, they needed to invite them into a Messenger Room via a separate device and Facebook account, make a call and then answer it on the targeted device before clicking chat.
Once these steps were carried out, an attacker would then have access to the victim’s Android device – without the need to unlock it.
The bad actor could then rummage through the victim’s personal photos and videos, as well as publishing posts on the target’s Facebook account.
While this exploit required physical access to a target’s Android phone, the fact it was able to bypass any need to unlock the device made it a potentially nasty and dangerous threat.
Facebook went on to reward Aryal a $3,150 bounty for bringing the issue to their attention, which they swiftly patched.
[ad_2]
