Facebook flaw allowed hackers to delete posted photos

  • 3 September 2013
  • 1 reply
  • 676 views

Userlevel 7
Charlie Osborne wrote:
 
http://asset2.cbsistatic.com/cnwk.1d/i/tim2/2013/09/02/facebook-cred-cnetuk-600-v1-620x400_610x394.jpg
 
A security flaw that allowed hackers to delete any image stored on Facebook has been discovered by Indian researcher Arul Kumar -- and he has been rewarded for his efforts.
The Facebook flaw, explained in length on Kumar's blog, exploits the Facebook Support Dashboard. Considered "critical," the bug works with any browser and any version, but was most successfully exploited through mobile devices.
 Read here.

1 reply

Userlevel 7
The following is a updated article on Facebook Flaws
 
{Facebook SDK flaw allows unauthorized access to Facebook accounts}
 
By/ HNS Staff/ Posted on 01 July 2014.
 
MetaIntell has uncovered a significant security vulnerability in the Facebook SDK (V3.15.0) for both iOS and Android. Dubbed Social Login Session Hijacking, when exploited this vulnerability allows an attacker access to a user’s Facebook account using a session hijacking method that leverages the Facebook Access

Vulnerable iOS and Android apps build on the Facebook SDK and leverage Facebook for user authentication. Once the app has successfully authenticated to Facebook, a local session token is cached and used to authenticate future sessions. The insecure storage of this session token is what places apps using the Facebook SDK for user authentication at risk of session hijacking.
 


 
Help Net Security/ Full Read Here/ http://www.net-security.org/secworld.php?id=17074

Reply