Signal fixed a bug that could have allowed attackers to eavesdrop on victims by placing and then immediately auto-answering a call, without the callee’s permission. The bug is reminiscent of Apple’s FaceTime bug discovered in January, which similarly allowed attackers to eavesdrop on other iPhone users by placing and auto-approving a FaceTime audio or video call. This time, the bug only works via Signal audio calls, and not video, as the Signal app requires users to manually enable camera access in all calls.
Source: ZDNet
