Thursday 19 March 2015

Facebook Closes Leak Of Private Photos Within 30 Minutes


A vulnerability that allowed malicious Facebook apps to access private photos of Facebook users was closed within 30 minutes after the social networking site was informed, according to the researcher who discovered the problem. Facebook's mobile app offers the option to sync the photos on the smartphone via the "Sync photos" option. This makes it possible to back up to 2GB of photos to Facebook.

The photos remain private and protected until the user decides to publish them. According to researcher Laxman Muthiyah, photo syncing via the app is enabled by default on some phones. Most users would not know this. To access the stored private photos, the Facebook server requires an access token. However, the server did not check which application made the request.

This would allow any application on the smartphone with the user_photos permission to access the stored photos. The researcher notes that many Facebook apps require this permission in order to read the user's public pictures. Through the vulnerability, however, they would also be able to access unpublished private pictures. After Muthiyah reported the problem to Facebook, it was rectified within 30 minutes and the researcher was rewarded $10,000.
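The missing check described above, as an added example that is not Facebook's code: a simplified model of an endpoint that validates the access token and its user_photos permission but not the application the token was issued to, next to a version that also binds the request to one application. All app ids, token strings and photo names are constructed, and the app-binding check is an assumption about one possible fix; the article does not say how Facebook corrected it.

```python
from dataclasses import dataclass

# Constructed sample data: every id, token string and file name is made up.
SYNC_APP_ID = "first-party-mobile-app"  # hypothetical id of the app that owns photo sync

@dataclass(frozen=True)
class Token:
    user: str
    app_id: str        # application the token was issued to
    scopes: frozenset  # permissions the user granted to that application

TOKENS = {
    "tok-sync-app": Token("alice", SYNC_APP_ID, frozenset({"user_photos"})),
    "tok-third-party": Token("alice", "photo-quiz-app", frozenset({"user_photos"})),
    "tok-no-scope": Token("alice", "game-app", frozenset()),
}
SYNCED_PHOTOS = {"alice": ["IMG_0001.jpg", "IMG_0002.jpg"]}  # unpublished, private

class Forbidden(Exception):
    pass

def _token_with_photo_scope(token_str):
    token = TOKENS.get(token_str)
    if token is None or "user_photos" not in token.scopes:
        raise Forbidden("invalid token or missing user_photos")
    return token

def synced_photos_token_only(token_str):
    """Behaviour the article describes: token and permission are checked,
    the requesting application is not."""
    token = _token_with_photo_scope(token_str)
    return SYNCED_PHOTOS[token.user]

def synced_photos_app_bound(token_str):
    """Assumed hardening: the token must also belong to the sync app."""
    token = _token_with_photo_scope(token_str)
    if token.app_id != SYNC_APP_ID:
        raise Forbidden("token was issued to a different application")
    return SYNCED_PHOTOS[token.user]

def allowed(endpoint, token_str):
    """Return True if the endpoint serves the private photos for this token."""
    try:
        endpoint(token_str)
        return True
    except Forbidden:
        return False

if __name__ == "__main__":
    for name in TOKENS:
        print(name, allowed(synced_photos_token_only, name),
              allowed(synced_photos_app_bound, name))
```
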
