Facebook Patches Authentication Flaw

Pulkit Chandna

Facebook has patched a flaw that could have let malicious websites gain unauthorized access to a Facebook user’s private data. A malicious website posing as a legitimate site (one with data access permissions) could not only have gained data access rights on par with that legitimate site, but could also have been able to “post phishing messages on Facebook on the user's behalf,” according to one of the researchers who brought the flaw to Facebook’s attention. Researchers Rui Wang and Zhou Li, who discovered the bug, chose to practice responsible disclosure and alerted the social networking site a couple of weeks ago. However, they did demonstrate the vulnerability in a YouTube video.

