It looks like Facebook is still vulnerable when it comes to bugs despite the company’s improvement programs. On Thursday, it was announced that Messenger had a bug that let potential hackers see who you had conversations with.
Imperva, a cybersecurity company, stated that the Facebook Messenger flaw allowed attackers to determine who you were chatting with. According to Ron Masas, the security researcher who discovered the bug, while the flaw didn’t show the content of the messages, it can still harm a user’s privacy and put him at risk. “It could be sent to high-profile targets,” Masas added.
On the other hand, Facebook said it fixed the bug. According to a Facebook spokesperson, the company has already updated the Messenger web version to ensure that this type of issue won’t happen in their apps.
Masas reported that the bug was driven by analyzing iFrames – the code used to embed content on YouTube and other video pages. The researcher said that Messenger loaded numbers of iFrames for people you’ve had talked with. Facebook removed iFrames altogether to fix the flaw.
In a lengthy note that comes after Masas announced the bug, Mark Zuckerberg stated his plans for the network, which includes encrypted messaging.
But Masas said that the plan wouldn’t fix the Messenger bug as browser provides iFrames.