×
We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.

Facebook Updates iOS Camera App to Patch Security Flaw

Download our in-depth report: The Ultimate Guide to IT Security Vendors

Facebook recently released version 1.1.2 of its Facebook Camera app for iOS, patching a vulnerability that enabled attackers to hijack user accounts if the app was being used over Wi-Fi.

"Versions pre-1.1.2 and releases before December 21 feature the vulnerability that was discovered by Mohamed Ramadan, an Egyptian security researcher with Attack-Secure," writes TweakTown's Trace Hagan. "The problem apparently resided in the SSL certification: 'The problem is the app accepts any SSL certification from any source, even evil SSL certifications and this enables any attacker to perform Man in The Middle Attack against anyone uses Facebook Camera App for IPhone. This means that the application doesn't warn the user if someone in the same [WiFi network] trying to hijack his Facebook account.'"

"In order to demonstrate his findings, the expert configured a Burp Suite proxy to listen on port 8080," writes Softpedia's Eduard Kovacs. "The proxy was easily able to capture the email address and the password he entered when logging in to the Facebook Camera app. For his findings, Facebook rewarded the researcher with $3,000. Ramadan advises Facebook Camera users to update their apps to the latest version in order to protect themselves against cybercriminal attacks that might leverage the vulnerability present in older variants."

Submit a Comment

Loading Comments...