Tom’s Hardware contributor Lucian Armasu reported in early June that security researchers had pinpointed a vulnerability in both the web browser and mobile app version of Messenger that would provide certain malicious capabilities to hackers. Further research uncovered that the processes cyber criminals were able to carry out by exploiting this weakness were actually functions that Facebook itself already had access to.
Check Point security researchers found that by obtaining the ID of a user’s message, a hacker could transmit a modified version of the message to Facebook’s servers, all without the user’s knowledge. This opens the door for further, potentially harmful activity, including using the chat platform and connected servers to spread malware to other users.
