Indian researcher Arul Kumar has discovered a security flaw that allowed hackers to remove any image of the profile of a Facebook user without the knowledge or consent of the user.
the flaw has been rated as "critical" and worked operator support Dashboard Facebook, which is used to send pictures of requests to the moving company. These reports are usually to be seen by employees of Facebook or sent directly to the owner of the image with an automatically-generated link to delete the photo. When clicked by the user, the target image is deleted.
The new bug revealed that when sending those images, two parameters were left open and vulnerable. If a hacker changed owners and photo_id PROFILE_ID, they were able to bypass any user interaction and simply delete link sent to their own personal inbox instead.
The owner ID profile can be found with a simple search with Facebook Graph, and each image contains fbid value that can be found in a Facebook URL. Once the photo ID was pinned, two accounts of Facebook users can then be inserted in order to receive the necessary link to delete the image, with one person acting as the sender and the other as a receiver.
Kumar warned that the photo could be taken to a page or user, including shared and labeled images, pictures of groups and pages and images of proposed positions. The researcher has since received a bonus of $ 12,500 through the Bug Bounty program Facebook and the company said that the error has been corrected.
If you are concerned about the security of your personal data, then a VPN service can offer you added peace of mind when surfing the web. A VPN allows your computer an extra layer of protection when you use the Internet, helping to ensure that the information stored on your device stays securely defended against external forces trying to access it.
0 Komentar