CYBER NEWS

Persistent Vulnerability in Facebook Messenger App for Windows

A vulnerability in the Facebook Messenger application for Windows was just discovered by Reason Labs security researchers.

The vulnerability is present in Messenger version 460.16, and it could allow attackers to exploit the app to execute malicious files already present on the targeted system. This could then help malware obtain persistent or extended access to the victim’s system.

The good news is that Facebook has already fixed the bug by releasing an updated version of the application via the Microsoft Store.




Facebook Messenger App Vulnerability

According to the researchers, the app executes code that shouldn’t be executed, which leads to a vulnerability allowing attackers to hijack a call for a resource within the Messenger code in order to run malware:

While testing the new “Messenger” desktop application, the researchers came across a strange call to load Powershell.exe from the Python27 directory. Upon noticing that, they knew they had found something, since “Python27” is located in the “c:\python27” directory, which is a low-integrity location. This means that any malicious program can access the path without needing admin privileges.


The researchers decided to create a reverse shell with msfvenom and a listener with Metasploit just as a POC (proof-of-concept). Once the reverse shell was created, it was transferred to the c:\python27 directory and renamed to Powershell.exe, which enabled them to hijack the call.

“We ran our listener on the attacker machine so it would be ready to get the reverse shell connection from the victim machine. Then we executed the ‘Messenger’ application and got the reverse shell connection,” the Reason Labs team says in the report.

What is worse is that the vulnerability is also described as a “persistent threat” that can give attackers undetected access for an extended period of time. Fortunately, it has now been fixed.
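The hijacked call described above leaves a clear trace in process-creation telemetry: a system binary name running from a directory where it does not belong. The following detection sketch is an added example, not code from Reason Labs or Facebook; the event field names, the expected-directory list and the sample events (including the Messenger install path) are constructed assumptions.

```python
import ntpath

# Directories where the watched system binaries normally live
# (assumed Windows defaults; adjust to your own baseline).
EXPECTED_DIRS = {
    "powershell.exe": {
        r"c:\windows\system32\windowspowershell\v1.0",
        r"c:\windows\syswow64\windowspowershell\v1.0",
    },
    "cmd.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}

# Constructed process-creation records; field names loosely follow
# Sysmon Event ID 1. The Messenger path is a placeholder, not from the report.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Apps\Messenger\Messenger.exe",
     "Image": r"C:\Python27\Powershell.exe"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ParentImage": r"C:\Windows\System32\svchost.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"ParentImage": r"C:\Tools\build.exe",
     "Image": r"C:\Users\Public\.\CMD.EXE"},
]


def masquerade_findings(events):
    """Return events where a watched binary name runs from an unexpected directory."""
    findings = []
    for ev in events:
        # Normalise case and "." / ".." segments before comparing paths.
        image = ntpath.normpath(ev["Image"]).lower()
        directory, name = ntpath.split(image)
        expected = EXPECTED_DIRS.get(name)
        if expected is not None and directory not in expected:
            findings.append(
                {"name": name, "image": ev["Image"], "parent": ev["ParentImage"]}
            )
    return findings


if __name__ == "__main__":
    for f in masquerade_findings(SAMPLE_EVENTS):
        print(f"ALERT {f['name']} started from {f['image']} by {f['parent']}")
```
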

Milena Dimitrova
