A researcher recently found a way to sidestep Facebook's security controls to send a Facebook user a message containing an executable file.
"Facebook normally strips out messages that contain executables from its private messaging feature," writes SC Magazine's Dan Kaplan. "But a yet-to-be-fixed vulnerability, discovered by penetration tester Nathan Power, could enable someone to undermine these security controls by altering the 'POST' request, which is used to send data to a server."
"A bug like this is dangerous because it could allow criminals to send messages that contain malware," Kaplan writes. "Power reported the vulnerability to Facebook on Sept. 30, and the company acknowledged its existence on Wednesday."
Go to "Researcher finds way to send executable file on Facebook" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.