Critical Facebook bug detected

M.J. Keith, a senior security analyst with AlertLogic, has detected a new bug in Facebook that allows an attacker to modify a user's content. The user is made to click on a link that forwards him to a malicious site containing a JavaScript applet that makes use of a cross-site request forgery flaw.

According to the security advisory released on Wednesday by AlertLogic, the bug was spotted last week, and Facebook was notified of it immediately. Three days later the social network confirmed it had fixed it, but additional testing carried out yesterday by Keith shows that the bug is still present.

IDG News reports that Keith created a simple Web page containing an invisible iframe, and when they clicked on the page while logged into Facebook, they automatically “liked” several pages.