Microsoft's Vulnerability Research team recently announced vulnerabilities in Google's Picasa application and in Facebook.

"The bug in Picasa that the MVR team found could allow an attacker to gain complete control of a user's machine if he could entice the victim into downloading a malicious JPEG file," writes Threatpost's Dennis Fisher. "It's not the most complex exploitation scenario, and in the current age of people sharing, downloading, emailing and re-posting photos on a variety of platforms, it might not be too difficult for an attacker to accomplish."


"The vulnerability in Facebook involves a problem with the way that the site implemented its protection against clickjacking attacks," Fisher writes. "An attacker could use the vulnerability to gain full access to a victim's account."

Both Google and Facebook have released fixes for the vulnerabilities.

Go to "Microsoft Research Team Reports Bugs in Facebook, Google Picasa" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.