Saturday, January 11, 2014

Expert finds flaws in Google and Facebook

Security researcher Jitendra Jaiswal has identified a couple of interesting vulnerabilities in Facebook and Google. Both of them have been addressed. The security hole that plagued Facebook was an open URL redirect issue that allowed an attacker to redirect victims to any website without any restriction and without interaction on the user's part. Facebook rewarded the expert with $1,000 for his findings. As far as Google vulnerability is concerned, Jaiswal found a clickjacking (UI redressing) flaw on the Google Maps website that could have been exploited to change a user's Google+ profile picture, hijack his webcam, and update his status. Proof-of-Concept videos are available to see how the vulnerabilities could have been exploited. The issues were discovered last year in November, but the expert has only published their details now. <more>

No comments: