The vulnerability was initially found by McAfee in April 2020 when they were conducting a security audit for temi. After investigating, researchers found that other applications were also infected by the bug and they notified Agora. McAfee waited to publicly release details of the vulnerability until Agora had released a new SDK in December 2020 that is not vulnerable to the same bug, and software developers who use Agora had been notified that they needed to update to the new version of the SDK. It is unclear which applications have implemented the new SDK. Anyone using any of these applications for communications should ensure that the new SDK has been implemented by the company before continuing the use of the application. Since the attacker has to have access to the victims’ network, an initial infection using a different vector, such as a malicious email attachment that installs a backdoor, would likely have to be carried out before the attacker could exploit this bug. To prevent infection on a network, companies should have monitoring in place such as Binary Defense Managed Detection and Response to identify when attackers are trying to infiltrate a network and work to stop intrusions before they have the chance to escalate to major incidents.

More can be read here: https://www.zdnet.com/article/bug-in-shared-sdk-can-let-attackers-join-calls-undetected-across-multiple-apps/