Messenger is used by hundreds of millions of people globally, and as of December 2023, it has adopted end-to-end encryption (E2EE) by default for chats and calls. However, when a group chat is created, it initially does not use E2EE. Interestingly, non-E2EE groups have access to certain features that are unavailable in their E2EE counterparts. One such feature, highlighted in this write-up, is the ability to send emoji reactions within group calls.
This write-up illustrates the process of discovering a denial-of-service (DoS) bug that affects Messenger for iOS. The bug was originally identified in version 472.0.0, while the analysis was conducted on version 477.0.0 using an archived copy of the Messenger .ipa file installed via TrollStore. The issue has since been patched and is not present in the latest version of Messenger for iOS, although it can still be reproduced by installing an older version.
The ability to send emoji reactions in group calls is demonstrated in the GIF below. As shown, users can add a reaction to the video stream, which is displayed to the recipient in the top right corner.