Facebook patches vulnerability that could have exposed user data

Alfred Osborne
November 15, 2018

Facebook had a bug that allowed websites to collect data from users' profiles, such as their interests and likes, without the users being aware of it.

"This allowed information to cross over domains - essentially meaning that if a user visits a particular website, an attacker can open Facebook and can collect information about the user and their friends", Masas said.

Facebook fixed the issue in May and there's no indication that the flaw was successfully exploited by hackers. "Bugs are usually found to circumvent authentication bypasses to gain access to personal information, but this bug enables attackers to exploit Facebook's use of iFrames to leak the user's personal information", Masas added. "This is especially unsafe for mobile users, since the open tab can easily get lost in the background, allowing the attacker to extract the results for multiple queries, while the user is watching a video or reading an article on the attacker's site", he explained.

The attack would surely not work if users have two or three tabs open in their desktop browser and see a new Facebook tab being opened. But since most users tend to keep a large number of tabs in the tab bar, there's a high chance most users won't even see the attack going on, especially if they're focused on the attacker's malicious page, which should be easy if the page delivers a game, news article, or video.

Imperva, a cybersecurity company, discovered the flaw and disclosed it to Facebook in May.

For an attack to have worked, a hacker would've had to trick a person logged in to Facebook into opening up a malicious website.

At the time, Facebook's search was not protected against cross-site request forgery (CSRF), which means that it inherently trusted the browser the user navigated the site with. By manipulating Facebook's graph search, it was possible to craft search queries that reflected personal information about the user.

Attackers could determine in what place and in what country users had taken photos, as well as gain access to read messages from users containing specific text.
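As a defensive illustration of the missing protection described above, the following added example (not Facebook's or Imperva's code) shows a server-side filter that refuses cross-site requests to a user-specific search endpoint using the browser's Fetch Metadata headers, plus response headers that block framing and opener access. The `/search` path, the `social.example` origin, the function names and the sample requests are assumptions constructed for the example.

```javascript
"use strict";
// Added illustration: names, paths and sample requests are constructed.
const SENSITIVE_PREFIXES = ["/search"]; // results depend on the logged-in user

// Decide whether a cookie-authenticated request may reach a sensitive
// endpoint, based on the browser-set Fetch Metadata request headers.
function decide(req) {
  const h = {};
  for (const [k, v] of Object.entries(req.headers)) h[k.toLowerCase()] = v;
  if (!SENSITIVE_PREFIXES.some((p) => req.path.startsWith(p))) return { allow: true, reason: "not sensitive" };

  const site = h["sec-fetch-site"];
  if (site === undefined) {
    // Older browsers send no Fetch Metadata: fall back to the Origin header.
    // Plain GET navigations carry no Origin there, so this path is weaker.
    const origin = h["origin"];
    if (origin !== undefined && origin !== req.selfOrigin)
      return { allow: false, reason: "foreign Origin" };
    return { allow: true, reason: "no fetch metadata" };
  }
  // "none" means the user typed the URL or used a bookmark.
  if (site === "same-origin" || site === "none")
    return { allow: true, reason: site };
  // Everything else is refused, including top-level navigations and
  // iframes: the rendered result page is itself what leaks. Trade-off:
  // inbound links to search results from other sites stop working.
  return { allow: false, reason: `${site} ${h["sec-fetch-dest"] || "?"}` };
}

// Response headers that stop other origins from framing the page or
// keeping a window handle to a tab they opened.
function isolationHeaders() {
  return {
    "Content-Security-Policy": "frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
    "Cross-Origin-Opener-Policy": "same-origin",
  };
}

// Constructed sample requests.
const SELF = "https://social.example";
const samples = [
  { path: "/search", selfOrigin: SELF, headers: { "Sec-Fetch-Site": "same-origin", "Sec-Fetch-Dest": "document" } },
  { path: "/search", selfOrigin: SELF, headers: { "Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "navigate", "Sec-Fetch-Dest": "document" } },
  { path: "/search", selfOrigin: SELF, headers: { "Sec-Fetch-Site": "cross-site", "Sec-Fetch-Dest": "iframe" } },
  { path: "/search", selfOrigin: SELF, headers: { Origin: "https://attacker.example" } },
  { path: "/about", selfOrigin: SELF, headers: { "Sec-Fetch-Site": "cross-site", "Sec-Fetch-Dest": "document" } },
];
for (const r of samples) console.log(r.path, JSON.stringify(decide(r)));
```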

News of the bug comes amid increased scrutiny of Facebook following a string of data privacy scandals. The error was identified in May and then reported to Facebook's management.

"We appreciate this researcher's report to our bug bounty program", said a Facebook spokesperson today in a statement.

"Like the data exposed in the Cambridge Analytica breach, this data is attractive to attackers looking to develop sophisticated social engineering attacks or sell this data to an advertising company".
