The flaw allows attackers to intercept user credentials Facebook.
Facebook has released a new version of the Camera application for iOS to fix a vulnerability that could allow an attacker to break into user accounts, social networking, running-man attack in the middle.
Egyptian IT-specialist and CEO of Attack-Secure Mohamed Ramadan found the vulnerability and reported her to the administration of Facebook. According to the Ramadan, if the attacker was connected to the internet via the same wireless network as the victim, he could gain access to the transmitted traffic and intercept user credentials.
“The problem was that the application accepts SSL-certificates from any source, even from malware, and it allows an attacker to attack the man-on-the-middle for those users who use the app Camera for iPhone”, – explained Ramadan.
For vulnerability detection to the expert paid $3 thousand.
All users of the application for Facebook – Camera – need to upgrade to the latest version in order to protect themselves from identity theft.