Facebook has fixed a critical flaw in the Facebook Messenger for Android messaging app. Natalie Silvanovich of Google’s Project Zero reported the bug to the Facebook bug bounty program. The bug could have allowed a sophisticated attacker logged in on Messenger for Android to simultaneously initiate a call and send an unintended message type to someone logged in on Messenger for Android and another Messenger client (i.e. web browser).
Source: securitymagazine.com