Facebook mends security flaw that threatened users




The latest update to Facebook's mobile app has fixed a security flaw that could have seen users' mobile phone bills suddenly increase.

The vulnerability made it possible for scammers to cause a denial-of-service attack on the device or run up the victim's phone bill by transferring large amounts of data to and from the handset.

Researchers at a foundation in Argentina discovered the flaw, which lies in the way the app handles HTTP requests. As part of the video playback process, the app's HTTP server will accept requests from any client, making it vulnerable to attack.

"The application embeds a generic HTTP server component that is used as a caching proxy for playing video recordings. This server is misconfigured and accepts requests from any client, local or remote, allowing attackers to connect to it and use a victim's device as an open proxy. As a result, among other things, an attacker could carry out various forms of denial of service attacks such as filling up the device's storage or running up the subscriber's data transfer limit over 3G or LTE networks," the report said.
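The following Python example is added for illustration and is not Facebook's code or the researchers'. It shows the checks a local caching server of the kind the report describes would need in order to stop answering arbitrary clients. The names `check_request`, `SESSION_TOKEN`, `CACHE` and the port number are assumptions made for the example.

```python
import hmac
import ipaddress
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlsplit

# Assumption: the player and the proxy live in one process and share this secret.
SESSION_TOKEN = secrets.token_urlsafe(32)
# Constructed sample cache entry; a real cache would hold fetched video segments.
CACHE = {"/clip/1": b"constructed-video-bytes"}


def check_request(peer_ip, target, token=SESSION_TOKEN):
    """Return (status, reason) the proxy should answer with for this request."""
    parts = urlsplit(target)
    # Absolute-form targets ("GET http://host/ ...") are what an open proxy relays.
    if parts.scheme or parts.netloc:
        return 403, "proxy-style request refused"
    if not ipaddress.ip_address(peer_ip).is_loopback:
        return 403, "remote client refused"
    supplied = parse_qs(parts.query).get("token", [""])[0]
    # Loopback alone does not stop other apps on the device, so require the secret.
    if not hmac.compare_digest(supplied.encode(), token.encode()):
        return 403, "missing or wrong session token"
    if parts.path not in CACHE:
        return 404, "not cached"
    return 200, "ok"


class CacheHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, reason = check_request(self.client_address[0], self.path)
        if status != 200:
            self.send_error(status, reason)
            return
        body = CACHE[urlsplit(self.path).path]
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def make_server(port=0):
    # Bind to loopback only; "" or "0.0.0.0" would expose the port to the network.
    return HTTPServer(("127.0.0.1", port), CacheHandler)


if __name__ == "__main__":
    make_server(8089).serve_forever()
```

The server only serves entries already in its cache, so it cannot be used to pull arbitrary data onto the device or to relay traffic for another party.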

The update also fixes two other security flaws within the Facebook app, one that allows attackers to intercept video content and another that could leak audio recordings of chat messages. The latter issue was also present in the Facebook Messenger application for Android.


The Facebook app vulnerabilities were fixed with the release of version 13.0.0.13.14 earlier this month.



