Wednesday, October 18, 2017

Facebook Vulnerability allows any picture to be deleted

A security researcher has disclosed a bug that would let anybody delete any photograph from Facebook, whether the photo was yours, mine, or Zuckerberg’s, and was paid a large sum of cash for the discovery.

Under Facebook’s white hat program, those who discover bugs and follow Facebook’s rules in reporting them are paid a bounty. The minimum bounty for any bug is set at $500, with Facebook paying more based on the bug’s severity.

In the researcher’s report of this bug, security researcher Arul Kumar says he was paid a whopping $12,500.

The vulnerability relied on a weakness in Facebook’s support, which allows a user to see the status of reports they have sent for review. Whenever a user reported a photo and Facebook decided not to forcibly remove it, that user would get a link that let them send a quick takedown request, including a delete button, to whoever had uploaded the image.

Video demo of the vulnerability.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing.
