Users of Facebook’s Camera iOS application might want to make sure they have updated to version 1.1.2, as Facebook confirmed a bug in older versions that created a security loophole.
The bug opened up the possibility for hackers to retrieve Camera user accounts and information such as email addresses and passwords if the app was used over Wi-Fi networks, TechCrunch reported, and Ramadan told TechCrunch:
The problem is that the app accepts any SSL certification from any source, even evil SSL certifications, and this enables any attacker to perform man in the middle attacks against anyone who uses the Facebook Camera app for IPhone. This means that the application doesn’t warn the user if someone in the same (Wi-Fi network) is trying to hijack his or her Facebook account.
Facebook issued the following statement to TechCrunch:
We applaud the security researcher who brought this bug to our attention for responsibly reporting the bug to our white hat program. We worked with the team to make sure we understood the full scope of the bug, which allowed us to fix it and upgrade the Camera application without any evidence that this bug was exploited in the wild. Users are only vulnerable if they are using an unsecured or untrusted public wireless network and an older version of the application. As always, we remind all users to only connect to networks they trust. Users can protect themselves by downloading the latest version of the Camera app. Due to the responsible reporting of this issue to Facebook, no one within the security community has evidence of account compromise using this bug. We have provided a bounty to the researcher to thank them for their contribution to Facebook Security.
Readers: Have you upgraded to version 1.1.2 yet?
Image courtesy of Shutterstock.