Facebook pays $20K for easily exploitable flaw that could have led to account hijackings

Facebook has paid out $20,000 for a serious bug that could have allowed an attacker to hijack anyone's account with ease, with no user interaction on the part of the victim.

http://nakedsecurity.sophos.com/2013/06/28/facebook-pays-20k-for-easily-exploitable-flaw-that-could-have-led-to-account-hijackings/

Jack Whitten, the UK-based application-security engineer (by day) and security researcher (by night) who discovered the flaw, said in a post mortem on Wednesday that he reported the hole to Facebook on 23 May and that it was fixed by 28 May.

The exploit was enabled by manipulating the way that Facebook handles updates to mobile phones via SMS.
