Little Doctor zero-day: compromising chat applications

Little Doctor: Hackers who want to gain access to popular chat applications in order to use the user's camera and audio can do so very easily with a worm published online.

At this time it is still a zero-day, which means that the security hole has not been patched.

The framework, named "Little Doctor", is a super weapon that can compromise JavaScript-based chat applications. Many popular chat applications are at risk because of their architecture. Services that have been developed in Electron, or that contain a built-in webview, are in a very difficult position.

Note that Rocket Chat released a patch 13 hours after the disclosure, and Ryver within a day. The Slack app, however, uses WebViews, so it seems to be safe.

Australian hacker Shubham Shah and former co-worker Matt Bryant developed the worm framework and found an unpatched zero-day in Microsoft Azure Storage Explorer.

"This worm is cross-platform, and it can steal from whatever application has access to the APIs of , and Cordova APIs," Moloch said at the Kiwicon hacking conference held in Wellington.

The team disclosed the flaw to Microsoft but, after 90 days, had not received a response.

The trio didn't stop there, having found and demonstrated the exploit in the Rocket Chat and Ryver apps, turning a cross-site scripting attack into code execution for container apps.
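How far a cross-site scripting bug reaches inside an Electron chat window depends on the window's `webPreferences`. The following audit is an added example, not code from Little Doctor or from the affected apps: the option names are real Electron `webPreferences` keys, while the rule table, the function name and both sample configurations are constructed for illustration.

```javascript
// Added example: audit Electron BrowserWindow webPreferences for a chat window.
// Keys are real Electron webPreferences options; the sample configs are constructed.
const RULES = [
  { key: 'nodeIntegration', safe: false, why: 'injected script can call require() and reach Node.js APIs' },
  { key: 'contextIsolation', safe: true, why: 'page script shares a JavaScript context with the preload script' },
  { key: 'sandbox', safe: true, why: 'renderer process runs outside the Chromium sandbox' },
  { key: 'webviewTag', safe: false, why: '<webview> guests can be created from page markup' },
  { key: 'webSecurity', safe: true, why: 'same-origin policy is switched off' },
  { key: 'allowRunningInsecureContent', safe: false, why: 'HTTPS pages may run scripts fetched over HTTP' },
];

// Returns one finding per option that is unsafe or left to a version-dependent default.
function auditWebPreferences(prefs = {}) {
  const findings = [];
  for (const { key, safe, why } of RULES) {
    if (!Object.prototype.hasOwnProperty.call(prefs, key)) {
      findings.push({ key, level: 'implicit', note: `not set; pin it with ${key}: ${safe}` });
    } else if (prefs[key] !== safe) {
      findings.push({ key, level: 'unsafe', note: why });
    }
  }
  return findings;
}

// Constructed sample: a chat window where an XSS bug would become code execution.
const riskyChatWindow = { nodeIntegration: true, contextIsolation: false, webviewTag: true };

// Constructed sample: every audited option pinned to its restrictive value.
const hardenedChatWindow = {
  nodeIntegration: false, contextIsolation: true, sandbox: true,
  webviewTag: false, webSecurity: true, allowRunningInsecureContent: false,
};

for (const [name, prefs] of Object.entries({ riskyChatWindow, hardenedChatWindow })) {
  const findings = auditWebPreferences(prefs);
  console.log(`${name}: ${findings.length} finding(s)`);
  for (const f of findings) console.log(`  [${f.level}] ${f.key}: ${f.note}`);
}
```

Options that are not set are reported as `implicit` because Electron's defaults for them have changed between major versions, so a reviewed configuration should pin each one explicitly.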

See PoC and download Little Doctor

The Little Doctor framework is available on GitHub for all security researchers and testers.


Written by giorgos
