Level 16
Facebook fixed a critical flaw in the Facebook Messenger for Android messaging app that allowed callers to listen to other users' surroundings without permission before the person on the other end picked up the call.

Facebook Messenger for Android has been installed on more than 1 billion Android devices according to the app's official Play Store page.

This bug could be exploited by attackers by sending a special type of message known as SdpUpdate which would cause the call to connect to the callee's device before being answered.