You can now find Cyber Kendra on Google News!

A Year Old Vulnerability in Facebook Still Unpatched

Facebook bug unpatched, facebook security, Facebook hacker, hacking Facebook , Facebook spamming, security of Facebook , bugs on Facebook , unpatched bug on Facebook , Facebook security tips, Facebook advertising tips
Facebook bug unpatched, facebook security, Facebook hacker, hacking Facebook , Facebook  spamming, security of Facebook , bugs on Facebook , unpatched bug on Facebook , Facebook  security tips, Facebook advertising tips
A security flaw in Facebook which was earlier reported under the Facebook bug bounty program is still resides and attacker can still perform the vulnerability. The vulnerability works for some users profiles and allow posting in the timeline by using facebook apps token codes.

Researcher Vivek Bansal, who had found the bug in 2013 and reported the issue to Facebook team, and in the response Facebook awarded him $2,000 as a bounty reward and also added his name in Facebook Hall-of-Fame.  But After a year, Vivek once again re-check the issue and found that the issue still resides on Facebook, that he had  reported earlier. 

Response of Facebook Team
After re-validating the bug, Vivek once again report it to Facebook, but this time Facebook response was unexpected. The security team from Facebook replied that they were aware that the abuse was still possible in a number of cases. Instead of implementing a patch, the developers created native Share Dialog that allows users to share content from third-party mobile apps without having to disclose sensitive information, such as log-in credentials, with the app.

As there are millions of users who are accessing Facebook via mobile device and this vulnerability leaves the door open for spamming the timeline.
“This system is widely used, but there are a few cases where people use other ways to share. When fewer developers host these dialogs themselves, the situation will improve,” Facebook security team told Bansal in a recent email.

“For now, we’ve implemented a number of systems that help us prevent, detect, and respond to any unwanted posting to people’s Timelines. We use automation to catch abuse, and if we were to find any, we would remove the app and the post(s) immediately and contact the app stores to remove the app,” they added.

Video Demonstration of the Bug

6 comments

  1. Php Developers India
    Grate sites for any information go on our sites this is the best sites
  2. Development Services
    nice sites for taking more information go on websites
  3. Seo Company India
    very nice sites for use
  4. Wonderful blog & good post..Its
    really helpful for me, awaiting for more new post. Keep Blogging ! White Hat World lll
  5. Wonderful blog & good post..Its
    really helpful for me, awaiting for more new post. Keep Blogging ! White Hat World
  6. Wonderful blog & good post..Its
    really helpful for me, awaiting for more new post. Keep Blogging ! White Hat World ///