
Facebook seals shut CSRF vulnerability

Facebook has plugged a cross-site request forgery (CSRF) vulnerability that could have allowed attackers to alter privacy settings and deface profiles on behalf of unwitting users, according to a security advisory released Monday by network security firm Alert Logic. The "critical" bug could have been exploited by bypassing Facebook's anti-CSRF controls and tricking a logged-in user into clicking on a malicious link. The vulnerability, discovered by M.J. Keith, senior security analyst at Alert Logic, was reported to Facebook on May 11 and patched Monday. The flaw appears never to have been publicly known. — DK
