Critical Vulnerabilities in Facebook and Picasa discovered by Microsoft
The Hacker News
Microsoft security researchers have identified critical vulnerabilities in Facebook and Google Picasa that led to account compromise and arbitrary code execution.

The bug in Picasa that the MVR team found could allow an attacker to gain complete control of a user's machine if he could entice the victim into downloading a malicious JPEG file. It's not the most complex exploitation scenario, and in the current age of people sharing, downloading, emailing and re-posting photos on a variety of platforms, it might not be too difficult for an attacker to accomplish.

"A vulnerability exists in the way that Picasa handles certain specially crafted JPEG images. An attacker could exploit this vulnerability to cause Picasa to exit unexpectedly and execute arbitrary code. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft said in its advisory.

The vulnerability in Facebook involves a problem with the way that the site implemented its protection against clickjacking attacks. An attacker could use the vulnerability to gain full access to a victim's account.

"A vulnerability exists in the way Facebook.com had previously implemented protection against clickjacking attacks. An attacker could exploit this vulnerability to circumvent Facebook privacy settings and expose potentially sensitive user information. An attacker who successfully exploited this vulnerability could take complete control of a user's Facebook.com account and could perform any action on behalf of the user such as read potentially sensitive data, change data, and delete contacts," the MVR advisory said.

UPDATE: Facebook fixed the problem just after the advisory was released.
