Nir Goldshlager

Skype, Dropbox Patch Critical Facebook Authentication Bugs

UPDATE: Popular applications Skype and Dropbox fixed holes in their websites this week that could have allowed an attacker to gain control of users’ Facebook accounts. In what’s technically being referred to as an “open redirect vulnerability,” both applications failed to validate sites before sending users and their access tokens to them.

Facebook Patches OAuth Authentication Vulnerability

Social media supersite Facebook has fixed a vulnerability that could have allowed a hacker to access a user’s account simply by getting them to click through to a specially crafted website. The flaw essentially mimicked the functionality of an authentic Facebook application without actually installing an application to their profile.
