This article was published on March 29, 2011

Facebook vulnerability allowing automatic wall posts



Had something pop up on your wall or the wall of your friends that didn’t look quite right? There’s a good reason. There is apparently a cross-site scripting vulnerability that is allowing messages to be posted to people’s walls without their knowledge or consent.

According to Symantec, the vulnerability is in the mobile API version of Facebook and is due to “insufficient JavaScript filtering”. An unknowing user who visits a site while also logged in to Facebook is automatically redirected to a URL containing the JavaScript, which then posts a message to their wall.

Facebook is reportedly working on a fix for the issue. In the meantime, to prevent the cross-site script from having access, Symantec is warning users to log out of their Facebook accounts unless they are actively using the site.
