Facebook SDK flaw exposes smartphone users’ accounts at risk

  • 5 July 2014
  • 1 reply
  • 429 views

Userlevel 7
Badge +54
By paganinip on July 5th, 2014
 
http://securityaffairs.co/wordpress/wp-content/uploads/2014/07/Facebook-SDK-300x111.jpg
http://securityaffairs.co/wordpress/wp-content/plugins/facebook-button-plugin/images/standart-facebook-ico.png

Experts from MetaIntell have discovered a critical vulnerability in the latest version of Facebook SDK which exposes millions of Facebook accounts at risk.

Security experts from MetaIntell have discovered a significant security vulnerability in the latest version of Facebook SDK, which affects numerous iOS and Android apps exposing millions of Facebook user’s Authentication Tokens at risk. The researchers dubbed the vulnerability “Social Login Session Hijacking,”, it could be used by an attacker to access victim’s Facebook account information using access token and session hijacking method.
“MetaIntell, the leader in intelligent led Mobile Risk Management (MRM), announced today that it has uncovered a significant security vulnerability in the Facebook SDK (V3.15.0) for both iOS and Android. Dubbed Social Login Session Hijacking, when exploited this vulnerability allows an attacker access to a user’s Facebook account using a session hijacking method that leverages the Facebook Access Token (FAT).” reports MetaIntell in the blog post. Full Article

1 reply

Userlevel 7
Badge +62
Well Jasper nice to know...My IOS had an update to Facebook last night! Haven't checked my Android yet...

Thanks for the report! 🙂

Reply