New Facebook Bug May Expose Private User Data

Security experts have discovered a new Facebook bug that allows malicious users to hijack sensitive data belonging to users of the social network. According to the proof-of-concept demonstrations, the issue allows hackers to exploit a weakness in the service through browser requests. The issue was disclosed to Facebook, whose security team is resolving the bug.

The Newly Announced Facebook Bug Allows Hackers to Hijack Private Data

A recently published announcement concerning Facebook security warned that a new vulnerability was identified in the social network. The cause of concern was found within the code of the web page: it contained specific HTML iframe elements that are used to track the users. They are an essential part of the site and also call functions across the web service. Further analysis uncovered the issue and, with it, a proof-of-concept attack scenario:

  • The Facebook search engine expects a GET request which is filled with the necessary values from the user’s search query. It was found not to be protected against cross-site request forgery.
  • Facebook users are tricked into opening a malicious site and interacting with any area of it. This is required in order to run a JavaScript script.
  • This opens a pop-up or a new tab instance which interacts with the Facebook search page.
  • The malicious scripts can manipulate the requests in order to acquire any information that can be accessed through this function.

As a result of the search results the malicious operators can gain information about both the user and other contacts in their friend list. The security researchers note that mobile users are the most affected, as open tabs and other elements can easily be ignored in the background. This allows hackers to simultaneously run multiple queries while the victim is doing other actions.
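A server-side guard for a per-user GET search endpoint of the kind described above, shown as an added example that is not from the original article or from Facebook's code. The function name, the header policy and the sample requests are assumptions; the check relies on the Fetch Metadata request headers that current browsers send.

```javascript
// Added example, not Facebook's code: policy for a GET search endpoint that
// returns per-user results. searchRequestPolicy and the samples are hypothetical.
const ISOLATION_HEADERS = {
  // Severs the window reference a cross-origin opener keeps on a pop-up or tab.
  'Cross-Origin-Opener-Policy': 'same-origin',
  // Stops other origins from embedding the results page in an iframe.
  'Content-Security-Policy': "frame-ancestors 'self'",
};

function searchRequestPolicy(method, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const site = h['sec-fetch-site'];
  const allow = (reason) => ({ allow: true, reason, headers: ISOLATION_HEADERS });

  // Browsers without Fetch Metadata send no Sec-Fetch-* headers; rely on
  // the isolation headers alone rather than locking those users out.
  if (site === undefined) return allow('no-fetch-metadata');
  // The site's own pages, and typed or bookmarked URLs ("none").
  if (['same-origin', 'same-site', 'none'].includes(site)) return allow('first-party');
  // Cross-site: accept only a top-level GET navigation (a followed link).
  // A scripted pop-up looks the same here, so the opener policy header on
  // the response is what keeps the opening page away from the result window.
  if (method === 'GET' && h['sec-fetch-mode'] === 'navigate' &&
      h['sec-fetch-dest'] === 'document') return allow('cross-site-navigation');
  // Cross-site iframes, fetch(), <img>, <script> and form posts are refused.
  return { allow: false, reason: 'cross-site-embedded', headers: {} };
}

// Constructed sample requests: [method, request headers].
const samples = [
  ['GET', { 'Sec-Fetch-Site': 'cross-site', 'Sec-Fetch-Mode': 'navigate', 'Sec-Fetch-Dest': 'iframe' }],
  ['GET', { 'Sec-Fetch-Site': 'cross-site', 'Sec-Fetch-Mode': 'navigate', 'Sec-Fetch-Dest': 'document' }],
  ['GET', { 'Sec-Fetch-Site': 'same-origin', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Dest': 'empty' }],
  ['GET', {}],
];
for (const [method, hdrs] of samples) {
  const r = searchRequestPolicy(method, hdrs);
  console.log(method, JSON.stringify(hdrs), '->', r.allow ? 'allow' : 'deny', r.reason);
}
```

The request check alone does not stop a pop-up, which arrives as an ordinary top-level navigation; the `Cross-Origin-Opener-Policy` response header is the part that isolates the result window from the page that opened it.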

We remind our readers that Facebook is constantly being targeted by various hacking collectives using creative methods. A recent example is the Facebook friend request forwarding scam, which is still being used actively by criminal collectives worldwide. Due to the timely private bug disclosure to Facebook, their security team has been working on resolving the issue and so far no exploits have been reported.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
