Written by Adam Rowles, on 03-02-2008 13:13

Editor's rating

Average user rating    (0 vote)

Views 1165

Favoured 62

Myspace and facebook are now putting users at risk of being attacked by hackers. Recently developed code in both Myspace and Facebooks image uploader will have Social Networking users at risk, according to security researchers.

Elazar found this vulnerability in the Aurigma Image Uploader, which is a application that both facebook and Myspace employ to allow users to upload images. It will allow hackers to execute a bug which will unleash malicious code on the users computer, which can lead to system crash/virus/bug/spyware.

This is a flaw in the system, but a flaw that could be very costly. This defect has been published on major hacking sites, such as milw0rm.com and many more. It is only a matter of time attacks are going utilize this flaw and could affect millions of people.

The issue involves an error in the ActiveX contoler, when handling strings to the ‘action’ property.

It has been put on the high priority list and will be looked into asap. I would suggest no-one to use this facility on both facebook and myspace until there is a patch to fix this issue.

Check back as we will keep you updated on this issue.

---

Last update: 03-02-2008 13:16

Published in : The News, Latest News

Users' Comments (1)

Add your comment

Posted by Jason Hendriks, on 23-06-2008 19:56, IP 99.234.33.0, Guest 1. Fearmongering Well this article was a waste of time.    Facebook doesn't use the Aurigma image uploader, and there is no Microsoft Active-X anywhere on the system. Just Java, and you are required to "trust" the Java applet before it is allowed to troll your hardware for files - an obvious security risk that you, as the user, consented to. A standard HTTP browse and POST file upload is available on the same screen for those who actually care about security, probably 1% or less of the Facebook population.   » Report this comment to administrator » Reply to this comment...