Microsoft Finds Security Flaws in Facebook, Picasa
The vulnerabilities have been fixed by both Google and Facebook.
Microsoft's Vulnerability Research team recently announced vulnerabilities in Google's Picasa application and in Facebook.
"The bug in Picasa that the MVR team found could allow an attacker to gain complete control of a user's machine if he could entice the victim into downloading a malicious JPEG file," writes Threatpost's Dennis Fisher. "It's not the most complex exploitation scenario, and in the current age of people sharing, downloading, emailing and re-posting photos on a variety of platforms, it might not be too difficult for an attacker to accomplish."
"The vulnerability in Facebook involves a problem with the way that the site implemented its protection against clickjacking attacks," Fisher writes. "An attacker could use the vulnerability to gain full access to a victim's account."
Both Google and Facebook have released fixes for the vulnerabilities.
Go to "Microsoft Research Team Reports Bugs in Facebook, Google Picasa" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.
July 18, 2011
The reward is available to anyone offering new information that results in the arrest and conviction of the botnet's operators.