Mark Zuckerberg-owned Facebook has been surrounded by a host of privacy issues. In addition to the existing ones, a new Facebook bug has surfaced which allowed anyone to view your messages.
According to a blog post by Imperva, a cybersecurity firm, Facebook Messenger was prone to a vulnerability (now patched) that allowed Cross-Site Frame Leakage (CSFL) attacks, which extract information from the iframe elements in the app.
The information was inferred from the number of iframe elements on a cross-origin page loaded as a background page. Researchers recorded two “states” of data: the “full state” refers to pages that display conversations with people with whom the user has interacted before, while the “empty state” displays information about people the user has never talked to.
By differentiating between the two states, attackers could learn which people a user has been in conversation with on Facebook Messenger.
After discovering the bug, security researcher Ron Masas notified Facebook of the vulnerability, following which the social media platform patched the bug in December by removing all iframe elements from Messenger.
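A regression check for the leak and the fix described above, as an added example that is not from Imperva's post or Facebook's code: it counts the frame-creating elements in the rendered markup of each page state and flags any difference, since that count is what another origin can observe. The markup samples, state names and function names are constructed for illustration.

```javascript
// Added example. The markup below is constructed, not Facebook's real pages.
const SAMPLE_BEFORE = {
  full: '<div id="chat"><iframe src="/a"></iframe><iframe src="/b"></iframe>' +
        '<iframe src="/c"></iframe></div>',
  empty: '<div id="chat"><!-- <iframe src="/a"></iframe> --></div>',
};
const SAMPLE_AFTER = {
  full: '<div id="chat"><ul><li>hello</li></ul></div>',
  empty: '<div id="chat"></div>',
};

// Count elements that create a child frame. A cross-origin opener or parent
// can read this number as window.length without reading any page content.
// Comments and <script>/<template> bodies are stripped first because markup
// inside them does not become a frame. Simplification: only <iframe> and
// <frame> are counted, and the HTML is scanned with regexes, not a parser.
function countFrames(html) {
  const live = html
    .replace(/<!--[\s\S]*?-->/g, '')
    .replace(/<(script|template)\b[\s\S]*?<\/\1\s*>/gi, '');
  return (live.match(/<i?frame\b/gi) || []).length;
}

// Compare the frame count of every state of one page. If two states differ,
// an observer of the count can tell them apart, which is the CSFL condition.
function auditStates(states) {
  const counts = {};
  for (const [name, html] of Object.entries(states)) {
    counts[name] = countFrames(html);
  }
  const distinct = new Set(Object.values(counts));
  return { counts, leaks: distinct.size > 1 };
}

for (const [label, states] of [['before fix', SAMPLE_BEFORE],
                               ['after fix', SAMPLE_AFTER]]) {
  console.log(label, JSON.stringify(auditStates(states)));
}
```

Run against rendered output for each account state in a test suite, a `leaks: true` result means the frame count depends on private state.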
While the vulnerability has been patched, Facebook or, for that matter, any other platform needs to take significant security measures, specifically against CSFL attacks.