So what is the big change? Well Facebook now allow iframes to be included inside Facebook apps on page tabs, meaning that all that Facebook proxying can be avoided. While this is no doubt great news for legitimate developers it will undoubtedly make life for those with malicious intent much easier too.
No more likejacking required, no more having to persuade users to install your app, if a criminal can make the bait sweet enough just to get you to visit the page, that is all they will require to start the chain that leads to your computer being compromised and used for criminal purposes.
Of course Facebook ask their developers to agree to a code of conduct that prohibits such activities, but when it comes to criminals, that's a bit like taking a driving license away from a joyrider.
I have informed Facebook of this oversight in their new functionality and will update this blog posting if I hear back from them.
Thanks to Stig Edvartsen for his eagle-eyes and Heidi Obschil-Müller for the iframe
News Source : https://mcaf.ee/b81e2