Instagram Fixes Vulnerability

Thursday, February 13, 2014 @ 04:02 AM gHale


Facebook fixed an Instagram cross-site reference forgery (CSRF) first reported 22 August.

Freelance security researcher Christian Lopez Martin first found the vulnerability, which allowed access to users’ photos and information by making their private profiles public.

RELATED STORIES
GitHub Hit by DDoS Attack, Again
Top 10 DDoS Attack Trends
More Malware Working in Cloud
Mobile Apps Growing in DDoS Attacks

The service’s lack of a mechanism to prevent CSRF attacks allowed Martin to create a simple CSRF exploit. Facebook deployed a fix on 6 September 2013, but Martin found a way to bypass that too. After yet another ineffective fix, a final patch fixed the problem 4 February 2014.

Click here for more information.



Leave a Reply

You must be logged in to post a comment.