PT-2022-8607 · Facebook · Facebook Messenger For Android

Published: 2022-03-23 · Updated: 2022-03-30 · CVE-2020-20093

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions
Facebook Messenger versions 227.0 and prior
Facebook Messenger for Android versions 228.1.0.10.116 and prior

Description
The user interface of the Facebook Messenger app does not properly represent URI messages to the user, resulting in URI spoofing via specially crafted messages. This issue affects multiple messaging platforms, including iMessage, WhatsApp, Instagram, and Facebook Messenger. It is noted that Telegram has patched this issue earlier, and Signal is in the process of fixing it.

Recommendations
For Facebook Messenger versions 227.0 and prior, update to a newer version to resolve the issue.
For Facebook Messenger for Android versions 228.1.0.10.116 and prior, update to a newer version to resolve the issue.
As a temporary workaround, consider disabling the handling of URI messages in the app until a patch is available.
Restrict access to suspicious or unverified messages to minimize the risk of exploitation.

Related Identifiers

CVE-2020-20093

Affected Products

Facebook Messenger
Facebook Messenger For Android
Instagram
Esignal
Telegram
WhatsApp
iMessage