Another security vulnerability has been reported in Facebook that could have allowed attackers to obtain certain personal information about users and their friends, potentially putting the privacy of users of the world's most popular social network at risk.
Discovered by cybersecurity researchers from Imperva, the vulnerability resides in the way Facebook's search feature displays results for entered queries.
According to Imperva researcher Ron Masas, the page that displays search results includes iframe elements associated with each result, and the endpoint URLs of those iframes had no protection against cross-site request forgery (CSRF) attacks.
It should be noted that the newly reported vulnerability has already been patched, and unlike the previously disclosed flaw in Facebook that exposed personal information of 30 million users, it did not allow attackers to extract information from many accounts at once.
How Does the Facebook Search Vulnerability Work?
To exploit this vulnerability, all an attacker needs to do is trick users into visiting a malicious site in a web browser where they are already logged in to their Facebook accounts.
Searching for something on Facebook seems less lucrative, especially when the exploit code returns only a yes-or-no result.
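A server-side check of the kind the iframe endpoints lacked, as an added example that is not Facebook's or Imperva's code: it refuses requests that another site caused the browser to send and attaches framing and window-isolation headers to allowed responses. The origin `https://social.example`, the function names and the sample headers are assumptions constructed for illustration.

```javascript
// Added example (hypothetical names): strict request filter for a
// search-result iframe endpoint that must only be loaded by its own site.
const TRUSTED_ORIGIN = 'https://social.example'; // constructed placeholder

// `headers` is a plain object with lower-cased request header names.
function checkSearchRequest(headers) {
  const site = headers['sec-fetch-site'];
  if (site !== undefined) {
    // Fetch Metadata is set by the browser and cannot be changed by page
    // script. "none" means direct user navigation (address bar, bookmark).
    if (site === 'same-origin' || site === 'none') {
      return { allow: true, reason: 'fetch-metadata' };
    }
    return { allow: false, reason: 'cross-site:' + site };
  }
  // Clients without Fetch Metadata: fall back to Origin, then Referer.
  const source = headers['origin'] || headers['referer'];
  if (!source) return { allow: false, reason: 'no-source-header' };
  let origin;
  try {
    origin = new URL(source).origin;
  } catch {
    return { allow: false, reason: 'malformed-source' }; // e.g. Origin: null
  }
  return origin === TRUSTED_ORIGIN
    ? { allow: true, reason: 'origin-match' }
    : { allow: false, reason: 'origin-mismatch' };
}

// Response headers for allowed requests: only the site itself may frame the
// page, and other origins lose their script handle to a window showing it.
function isolationHeaders() {
  return {
    'X-Frame-Options': 'SAMEORIGIN',
    'Content-Security-Policy': "frame-ancestors 'self'",
    'Cross-Origin-Opener-Policy': 'same-origin',
  };
}

// Constructed sample requests: the site's own page, then a third-party page.
for (const h of [
  { 'sec-fetch-site': 'same-origin' },
  { 'sec-fetch-site': 'cross-site' },
  { referer: 'https://other.example/page' },
]) {
  console.log(JSON.stringify(h), '->', JSON.stringify(checkSearchRequest(h)));
}
```

Denying requests that carry neither Fetch Metadata nor a source header is a deliberately strict choice for a sub-resource endpoint; a page users navigate to directly would need a looser fallback.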