strangetruenews

Flaw in Sync photos feature on Facebook mobile app


A hacker has found a new flaw in Facebook that allows any malicious application to view your synced mobile photos.

The Sync photos feature allows users to sync their mobile photos with their Facebook account; the photos remain private until you publish them. However, this feature is turned on by default on many mobile phones.

Laxman Muthiyah found that the "vaultimages" endpoint of the Facebook Graph API handles these synced photos, and that this endpoint is vulnerable.

The Facebook app retrieves the synced photos by making an HTTP GET request to a specific URL with a top-level access token, which enables a malicious app to read all your private photos in seconds.

Laxman Muthiyah reported the flaw to the Facebook Security Team, which pushed a fix in less than 30 minutes and rewarded him with $10,000 USD as part of its bug bounty program.
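The following is an added example, not code from the article or from Facebook: a sketch of the server-side check that guards a private endpoint against this class of bug, assuming the weak version trusted any valid token for the photo owner regardless of which app it was issued to. All app IDs, token values, scope names and function names are constructed for illustration.

```python
# Added illustration; not Facebook's code. All IDs and tokens are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Token:
    user_id: str
    app_id: str
    scopes: frozenset


# Constructed token store: token string -> claims the server issued.
TOKENS = {
    "tok-official": Token("user-1", "app-official", frozenset({"vault_read"})),
    "tok-game": Token("user-1", "app-game", frozenset({"public_profile"})),
    "tok-other-user": Token("user-2", "app-official", frozenset({"vault_read"})),
}

# Assumption: only first-party clients may reach the private photo endpoint.
VAULT_ALLOWED_APPS = frozenset({"app-official"})


def authorize_weak(token_str, owner_id):
    """Owner-only check: any app holding a valid token for the user passes."""
    tok = TOKENS.get(token_str)
    return tok is not None and tok.user_id == owner_id


def authorize_hardened(token_str, owner_id):
    """Owner check plus app allowlist plus explicit scope; deny by default."""
    tok = TOKENS.get(token_str)
    if tok is None:
        return False
    if tok.user_id != owner_id:
        return False
    if tok.app_id not in VAULT_ALLOWED_APPS:
        return False
    return "vault_read" in tok.scopes


def audit(owner_id):
    """Return {token: (weak, hardened)} so the two policies can be compared."""
    return {t: (authorize_weak(t, owner_id), authorize_hardened(t, owner_id))
            for t in TOKENS}


if __name__ == "__main__":
    for name, (weak, hard) in audit("user-1").items():
        print(f"{name:15} weak={weak!s:5} hardened={hard}")
```

Running the same audit over every private endpoint in an API is a quick way to find routes where a third-party app's token is accepted by an owner-only check.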
