Had something pop up on your wall or the wall of your friends that didn’t look quite right? There’s a good reason. There is apparently across-site scriptingvulnerability that is allowing messages to be posted to people’s walls without their knowledge or consent.
Accordingto Symantec, it’s a vulnerability in the mobile API version ofFacebook, due to “insufficientJavaScriptfiltering”. What you’re getting in return is an automatic redirect to a URL containing the JavaScript, whereby an unknowing user will visit a site while also logged in to Facebook, thus posting a message to their wall.
Facebook is reportedly working on a fix for the issue, though Symantec is presently warning users to log out of their Facebook accounts unless they are actively using the site to prevent the cross-site script from having access.
Story byBrad McCarty
A music and tech junkie who calls Nashville home, Brad is the Director TNW Academy. You can follow him on Twitter @BradMcCarty.(show all)A music and tech junkie who calls Nashville home, Brad is the DirectorTNW Academy. You can follow him on Twitter@BradMcCarty.
Get the TNW newsletter
Get the most important tech news in your inbox each week.
