Facebook mends security flaw that threatened users



The latest update to Facebook's mobile app has fixed a security flaw that could have seen users' mobile phone bills suddenly increase.

The vulnerability made it possible for scammers to cause a denial-of-service attack on the device or run up the victim's phone bill by transferring large amounts of data to and from the handset.

Researchers at a foundation in Argentina discovered the flaw, which lies in the way the app handles HTTP requests. As part the video playback process, the app's HTTP server will accept requests from any client, making it vulnerable to attack.

"The application embeds a generic HTTP server component that is used as a caching proxy for playing video recordings. This server is misconfigured and accepts requests from any client, local or remote, allowing attackers to connect to it and use a victim's device as an open proxy. As a result, among other things, an attacker could carry out various forms of denial of service attacks such as filling up the device's storage or running up the subscriber's data transfer limit over 3G or LTE networks," the report said.

The update also fixes two other security flaws within the Facebook app, one that allows attackers to intercept video content and another that could leak audio recordings of chat messages. The latter issue was also present in the Facebook Messenger application for Android.

The Facebook app vulnerabilities were fixed with the release of version 13.0.0.13.14 earlier this month.




More

Jon Stewart Takes Over the Late Show, Rips Donald Trump Apart

Watch Jon Stewart call Donald Trump an “angry groundhog” in his incredible take-down on the Late Show.

The New Wonder Woman: More Than a Stereotype?

The next DC product to be delivered by director Zack Snyder is all set to hit theatres in June 2017.

This Is What We’d Look Like If We Evolved to Survive Car-Crashes

Humans were not modelled to survive car accidents but if they were, they would not make a pretty sight.