Facebook vulnerability to view private photos
Recently a vulnerability in Facebook's Photo Sync feature was uncovered. It allows attackers to gain access to your private Facebook photos, provided they have a third-party app that can get permission to read your personal synced photos.
The vulnerability was reported by ‘Laxman’, who was rewarded with $10,000 as a result. In a blog post he stated:
“The vulnerable part is, it just checks the owner of the access token and not the application which is making the request. So it allows any application with user_photos permission to read your mobile photos.”
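The authorization gap described in the quote, as an added example that is not Facebook's code or the reporter's: a check that validates only the token owner and the `user_photos` permission, next to one that also validates the requesting application. The token structure, app identifiers, sample photos and the allowlist-style fix are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical application identifiers, constructed for this example.
FIRST_PARTY_APP_ID = "official-mobile-app"
THIRD_PARTY_APP_ID = "third-party-app"

# Constructed sample data: privately synced mobile photos per user.
SYNCED_PHOTOS = {"alice": ["IMG_0001.jpg", "IMG_0002.jpg"]}


@dataclass(frozen=True)
class AccessToken:
    user_id: str       # the user who owns the token
    app_id: str        # the application the token was issued to
    scopes: frozenset  # permissions the user granted to that application


def read_synced_photos_weak(token, owner_id):
    """Checks the token owner and permission, but not the calling application."""
    if token.user_id != owner_id:
        raise PermissionError("token does not belong to the photo owner")
    if "user_photos" not in token.scopes:
        raise PermissionError("missing user_photos permission")
    return SYNCED_PHOTOS.get(owner_id, [])


def read_synced_photos_strict(token, owner_id):
    """Adds the missing check: only the allowed application may read synced photos."""
    if token.app_id != FIRST_PARTY_APP_ID:
        raise PermissionError("application is not allowed to read synced photos")
    return read_synced_photos_weak(token, owner_id)


def is_denied(check, token, owner_id):
    """Return True when the given check refuses the request."""
    try:
        check(token, owner_id)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    third_party = AccessToken("alice", THIRD_PARTY_APP_ID, frozenset({"user_photos"}))
    print("weak check denies third-party app:", is_denied(read_synced_photos_weak, third_party, "alice"))
    print("strict check denies third-party app:", is_denied(read_synced_photos_strict, third_party, "alice"))
```
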