Researcher publishes proof-of-concept code for creating Facebo



A Polish security researcher has published today details and proof-of-concept code that could be used for creating a fully functional Facebook worm.

This code exploits a vulnerability in the Facebook platform that the researcher –who goes online under the pseudonym of Lasq— has seen being abused in the wild by a Facebook spammer group.

The vulnerability resides in the mobile version of the Facebook sharing dialog/popup. The desktop version is not affected.

Read more…