Facebook patches vulnerability that could have exposed user data

Alfred Osborne
November 15, 2018

Facebook had a bug that allowed websites to capture data from users' profiles, such as their interests and likes, without the users being aware of it.

"This allowed information to cross over domains - essentially meaning that if a user visits a particular website, an attacker can open Facebook and can collect information about the user and their friends", Masas said.

Facebook fixed the issue in May and there's no indication that the flaw was successfully exploited by hackers. "Bugs are usually found to circumvent authentication bypasses to gain access to personal information, but this bug enables attackers to exploit Facebook's use of iFrames to leak the user's personal information", Masas added. "This is especially unsafe for mobile users, since the open tab can easily get lost in the background, allowing the attacker to extract the results for multiple queries, while the user is watching a video or reading an article on the attacker's site", he explained.

The attack would surely not work if users have two or three tabs open in their desktop browser and see a new Facebook tab being opened, but since most users tend to keep a large number of tabs in the tab bar, there's a high chance most users won't even see the attack going on, especially if they're focused on the attacker's malicious page, which should be easy if the page delivers a game, news article, or video.

Imperva, a cybersecurity company, discovered the flaw and disclosed it to Facebook in May.

For an attack to have worked, a hacker would've had to trick a person logged in to Facebook into opening up a malicious website.

Facebook search wasn't set up at the time for protection against cross-site request forgery, which means that it inherently trusted the browser that you used to navigate the site. By manipulating Facebook's graph search, it was possible to craft search queries that reflected personal information about the user.
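A server-side check of the kind the paragraph above describes as missing, as an added example that is not from the article, Imperva or Facebook: it refuses cross-site requests to a user-specific search page using the browser's Fetch Metadata headers, and sets response headers that stop other origins from framing the page or keeping a handle on its window. The origin `https://social.example`, the `/search` path and the function names are assumptions.

```javascript
// Added example; origin, path and function names are hypothetical.
const OWN_ORIGIN = "https://social.example";
const PROTECTED_PREFIX = "/search"; // pages whose content depends on the logged-in user

// Return true if a request for `path` may be served with the user's session.
// `headers` maps lower-cased request header names to values.
function allowRequest(path, headers) {
  if (!path.startsWith(PROTECTED_PREFIX)) return true;
  const site = headers["sec-fetch-site"];
  if (site !== undefined) {
    // "same-origin": issued by our own pages. "none": typed URL or bookmark.
    // "cross-site" and "same-site" are refused, navigations included, so
    // links from other sites into search stop working: a deliberate trade-off.
    return site === "same-origin" || site === "none";
  }
  // Browser without Fetch Metadata: fall back to Origin when it is sent.
  const origin = headers["origin"];
  return origin === undefined || origin === OWN_ORIGIN;
}

// Response headers that keep other origins from embedding the page or
// holding a reference to a window that displays it.
function isolationHeaders() {
  return {
    "Cross-Origin-Opener-Policy": "same-origin",
    "Content-Security-Policy": "frame-ancestors 'self'",
    "X-Frame-Options": "SAMEORIGIN",
  };
}

function handle(path, headers) {
  const status = allowRequest(path, headers) ? 200 : 403;
  return { status, headers: isolationHeaders() };
}

// Constructed sample requests.
const samples = [
  ["/search?q=friends", { "sec-fetch-site": "cross-site", "sec-fetch-mode": "navigate" }],
  ["/search?q=friends", { "sec-fetch-site": "same-origin" }],
  ["/search?q=friends", { "sec-fetch-site": "none" }],
  ["/search?q=friends", { origin: "https://attacker.example" }],
  ["/about", { "sec-fetch-site": "cross-site" }],
];
for (const [path, headers] of samples) {
  console.log(handle(path, headers).status, path, JSON.stringify(headers));
}
```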

Attackers could determine in which places and countries users had taken photos, as well as gain access to read messages from users containing a specific text.

News of the bug comes amid increased scrutiny for Facebook following a string of data privacy scandals. The error was identified in May and then reported to Facebook's management.

"We appreciate this researcher's report to our bug bounty program", said a Facebook spokesperson today in a statement.

"Like the data exposed in the Cambridge Analytica breach, this data is attractive to attackers looking to develop sophisticated social engineering attacks or sell this data to an advertising company".
