Chrome alert breached passwords

Facebook Messenger App Vulnerability Allowed Persistent Malware Attacks

A serious vulnerability affected the Facebook Messenger app threatening many users. Exploiting the bug on the specific app version could facilitate long-term persistent malware attacks.

Facebook Messenger App Vulnerability

Researchers from Reason Security, a cybersecurity firm, have caught a serious security flaw in Facebook Messenger. They have shared the details of the vulnerability and its potential impact in a recent blog post.

As revealed, the vulnerability specifically existed in the Facebook Messenger for Windows. This is the desktop version of the app available on Microsoft Store.

The bug existed because this specific app version executed an unusual code that allowed an adversary to gain persistent access to the target device.

As explained in the post,

The app executes code that shouldn’t be executed, resulting in a vulnerability that allows attackers to hijack a call for a resource within the Messenger code in order to run their malware.

Explaining further about the flaw, the researchers state,

Reason research team found a strange call to load the Powershell.exe from the Python27 directory. When we saw that, we knew we found something since the location of “Python27” is in the “c:python27” directory, which is a low-integrity location. This means that every malicious program can access the path without any admin privileges.

Exploiting this vulnerability could hence facilitate the attacker to run malware on the target machine for extended durations.

The researchers have shared the PoC exploit in their post.

Patch Rolled Out

Reason Labs following this discovery, reached out to Facebook to inform them of the flaw. They noticed that the vulnerability affected the Facebook Messenger for Windows version 460.16.

Following their report, Facebook patched the flaw with the release of version 480.5. Since this version is available on Microsoft Store, users can simply update their devices to the latest version to stay safe.

Source link