In a recent report, it has been revealed that a security flaw appeared in Facebook’s messenger allowed malicious users to alter the messages in the Messenger’s conversation after they were sent.
The security flaw was discovered by an online security company Checkpoint Software Technologies, earlier this month.
In a blogpost, the online security company in detail explained Facebook’s vulnerability: finding a message's unique "message_id" identifier, then altering the message content to contain an infected link or file and sending it back to Facebook which accepts the new content as genuine, without alerting the recipient of the change.
“By exploiting this vulnerability, cybercriminals could change a whole chat thread without the victim realizing,” Oded Vanunu, head of products vulnerability research at Check Point, said in the post.
According to Checkpoint the vulnerability was disclosed to Facebook Security Team earlier this month, and after a joint effort the vulnerability was promptly patched by Facebook.
In response to the whole scenario, Facebook in a blogpost explained that the bug on affected Messenger App on Android. It said, “Because even new content was subject to our anti-malware and anti-spam filters, this bug did not introduce the ability to send malicious content that would have been blocked in the original message.”
