nabd.cc
The Egyptian engineer Mohamed Abdel-Ati, from Luxor, discovered security flaws on the Facebook site; the site administration rewarded him and placed him on its honor roll of security researchers for the year 2020.
Eng. Mohamed Abdel-Ati confirmed that he was honored after discovering a security problem in one of the infrastructure elements used by the company, which allows the extraction of certain information about the internal system of Facebook servers. He said that he reported the vulnerability to the website administration during the ban period imposed due to the Corona epidemic, and that he contacted the “Facebook” team more than once to review the technical details of the vulnerability carefully before it was closed and he was registered on the honor roll.
It should be noted that “Facebook” is one of the sites that allow vulnerability finders to search for vulnerabilities on it and report them to the site, without harmful exploitation of the site or its users. The vulnerability finders are included on an honor roll that is updated annually. Abdel-Ati indicated that he had previously reported several vulnerabilities on the “Facebook” site, and that this is the fourth time his name has been included on the honor roll.
Egyptian security researcher Sayed Abdel Hafeez had found a security flaw in the download function of the “Facebook” application on the Android platform, which could be used to launch attacks and execute remote code (RCE), leading Facebook to award the researcher 10 thousand dollars for finding the error. The Facebook application on Android uses two methods to download files from a group: a built-in Android service called DownloadManager and a second method called Files Tab.
According to the Indian website “TOI”, Abdel Hafeez discovered an error in the download process of the second method, and said in a post on Medium: “I discovered an ACE error in Facebook for the Android system that can be triggered via a file download from the group Files tab without opening the file. The vulnerability was in Method 2, and although server-side security measures were implemented when uploading files, it was easy to bypass.”
Nasser Hatem
Source: RT