Three young Lebanese security professionals have discovered serious security flaws in Facebook services, which they deserve to honor the company that quickly repaired the holes discovered.
Fayad Atwi, Qassim Bazoun and Hamza Bazoun, in an interview with the Arab Technical News Portal, said the gaps reported were processed and allowed to publish their details after receiving a financial reward and the inclusion of the team name in the 2017 website list.
The three security researchers said there were more security holes they had discovered and are being reformed at the moment, so they are not authorized to disclose them before the process is over.
As for the gaps, researchers who run a semicolon programming and security company explained that the first flaw was discovered in Facebook's instant messaging application, Messenger, which targets all users of the service and applies it to all platforms, including the web version and mobile applications .
The risk of this loophole lies in the fact that it stops the Messenger service and Facebook messages, and prevents the user from entering the Messenger application or its website, in addition to the social messaging section, permanently by disrupting the work of the server responsible for displaying messages.
The second loophole was the Facebook-based photo sharing application, Instagram, which targets users who link their accounts with Facebook. The vulnerability leads to the capture of the Instagram account completely and changes all its settings.
The team explained that this vulnerability exists specifically in the feature of connecting Facebook pages to the page's Instagram account, which no page manager is allowed to access or modify its settings (except the primary account holder).
Security researchers believe that the danger of this loophole lies in the possibility of applying to global figures and the media and other influential accounts, and the impossibility of retrieving the account without a formal request to the management of Facebook.
The researchers discovered a third flaw in the Facebook page's publication system, and it was dangerous to go beyond the powers of the page administrator.
The team explained that this vulnerability allows those who want to publish an offensive publication on a page to do so without the control of their director. However, page managers usually block such publications from the rest of the page followers or activate the review feature and approve their publication or rejection. The gap prevented it.
ليست هناك تعليقات:
إرسال تعليق