Facecrooks Security warns of new vulnerabilities as noted below


QUOTE: For the second time in a month, Goldshlager has found a dangerous loophole in Facebook’s messaging system that could’ve allowed any savvy hacker access to a user’s information. Goldshlager said, “Even if the victim has never allowed any application in his Facebook account, I could still get full permission on his account via Facebook Messenger app_id.”

Last month, Goldshlager found a dangerous glitch in the system that allowed him to tinker with Facebook URLs and access any user’s information through Facebook’s app system, OAuth, without them even having to approve an app request. It was reported that Goldshlager has again found a very similar loophole on the site and reported it.

“It was a very similar bug (with a similar fact pattern) and, as you can see from the post, we were able to fix it almost immediately. We have provided bounties to over 200 researchers, and Mr. Goldshlager has reported multiple vulnerabilities to us in the past,” said Facebook Security Policy Manager Frederic Wolens, speaking to MarketWatch. Wolens further stated that Facebook believes no users were impacted by the bug.