Facebook vulnerability allowing automatic wall posts




Had something pop up on your wall or the wall of your friends that didn’t look quite right? There’s a good reason. There is apparently a cross-site scripting vulnerability that is allowing messages to be posted to people’s walls without their knowledge or consent.
According to Symantec, it’s a vulnerability in the mobile API version of Facebook, due to “insufficient JavaScript filtering”. The result is an automatic redirect to a URL containing the JavaScript: an unknowing user who visits a site while also logged in to Facebook ends up posting a message to their wall.
Facebook is reportedly working on a fix for the issue, though Symantec is presently warning users to log out of their Facebook accounts unless they are actively using the site, to prevent the cross-site script from having access.
