Facebook pays Egyptian researcher $10,000 for discovering a flaw in its social networking app

A security researcher found a security flaw in the file-download function of the Facebook application for Android that could be exploited to achieve remote code execution (RCE), prompting Facebook to pay the researcher $10,000 for reporting the bug. The Facebook app on Android offers two ways to download files from a group: a built-in Android service called DownloadManager, and a second method via the Files tab.

According to the Indian website “TOI”, Egyptian security researcher Sayed Abdel Hafeez discovered a flaw in the second download method and said in a post on Medium: “I discovered an RCE bug in Facebook for Android that can be triggered by downloading a file from the Files tab of a group, without opening the file. The vulnerability was in method 2, and although security measures were implemented on the server side when uploading files, they were easy to bypass.”

Abdel Hafeez explained how the Files tab bug could allow an attacker to achieve RCE on a target device; the vulnerability in the Files tab has since been fixed.

In June this year, security researcher Bipin Jitiya, who lives in Ahmedabad, India, received 23.8 lakh rupees ($31,500) from Facebook for identifying a bug in its core social media platform and a third-party business intelligence portal. The 26-year-old found a server-side request forgery (SSRF) flaw in the source code of a publicly accessible endpoint built with MicroStrategy tools, which could allow data collection and the creation of personalized content.

MicroStrategy has partnered with Facebook on data analysis projects for several years. Jitiya informed MicroStrategy’s security team about the bug; the team acknowledged it and said the problem had been resolved. In May, a 27-year-old Indian security researcher, Bhavuk Jain, received $100,000 from Apple for discovering a now-patched zero-day vulnerability in the Sign in with Apple authentication flow.
