Facebook Vulnerability - Beware of A New XSS on Facebook !

URL: https://m.facebook.com/connect/prompt_feed.php?display=wap&user_message_prompt=%3Cscript%3Ealert%281%29%3C/script%3E

A new cross-site scripting (XSS) vulnerability has been detected on Facebook and is being widely exploited in the mobile API version. The vulnerability allows a malicious user to include JavaScript content in a website and redirect the victim’s browser to the prepared URL.

I have already seen this flaw in the last few days: many people on my friend list are posting strange things on the wall, and just visiting the infected website is enough to post a message that the attacker has chosen. It should therefore be no surprise that some of those messages are spreading very fast through Facebook. Some are posting links to infected websites, creating XSS worms that spread from user to user.

There is no user interaction required, so the messages are spreading through Facebook at a fast pace. Facebook’s security team has been notified about the vulnerability and is working on a fix. Hopefully it will be issued soon, since the attack seems easy to recreate.

Symantec advises users to log out of Facebook when they are not actively using it or to use script-blocking add-ons to prevent the attack.
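
The URL above carries a script element in the `user_message_prompt` parameter. As an added example (not code from Facebook or from this article), the JavaScript below assumes a hypothetical handler that echoes that parameter into HTML, and shows the unencoded rendering beside one that HTML-encodes the value; all function names are illustrative.

```javascript
// Added illustration, not Facebook's code. Assumption: the endpoint echoed
// user_message_prompt into the HTML response without output encoding.

// Constructed sample request: the URL quoted in the article.
const SAMPLE_URL =
  "https://m.facebook.com/connect/prompt_feed.php?display=wap" +
  "&user_message_prompt=%3Cscript%3Ealert%281%29%3C/script%3E";

// Encode the characters that are significant in HTML text and in
// quoted attribute values.
function escapeHtml(value) {
  const map = {
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read the reflected parameter; searchParams.get() percent-decodes it.
function getPrompt(requestUrl) {
  return new URL(requestUrl).searchParams.get("user_message_prompt") || "";
}

// Hypothetical handler, vulnerable form: the decoded value is concatenated
// into markup, so the browser parses it as a script element.
function renderPromptUnsafe(requestUrl) {
  return '<div class="prompt">' + getPrompt(requestUrl) + "</div>";
}

// Hardened form: the same value is HTML-encoded at the point of output,
// so the browser displays it as text.
function renderPromptSafe(requestUrl) {
  return '<div class="prompt">' + escapeHtml(getPrompt(requestUrl)) + "</div>";
}

// Check used below: does the response still contain a live script tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log("unsafe:", renderPromptUnsafe(SAMPLE_URL));
console.log("safe:  ", renderPromptSafe(SAMPLE_URL));
```

Encoding at the point of output is what neutralizes the parameter here; a response-level Content-Security-Policy that disallows inline scripts adds a second layer if an encoding step is missed.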
