Privacy News Hacker Breaches Facebook with Remote Code Execution Exploit

Exterminator

Facebook has allegedly paid a $40,000 bounty to Andrew Leonov, a security researcher who managed to breach the social networking site using a remote code execution bug he discovered and privately reported to the company.

Leonov explained in a post that he cracked the social network using an ImageMagick flaw which was actually discovered and patched last year. The vulnerability, however, still impacted Facebook, and the security expert figured out a way to use it as part of a remote code execution exploit in October.

In a timeline posted on his blog, Leonov says he reported the flaw on October 16, and after further investigation, the company patched it only a few days later.

$40,000 bounty for the researcher
The hacker says he discovered the vulnerability accidentally after being redirected by another service to Facebook, but decided to look into it to determine if the ImageMagick flaw was patched or not.

“Once upon a time on Saturday in October i was testing some big service (not Facebook) when some redirect followed me on Facebook. It was a «Share on Facebook» dialog,” he says. “I am glad to be the one of those who broke the Facebook.”

Since the vulnerability was privately reported, no user data was put at risk, so rest assured because your accounts are all safe, and so are your cat and food photos.

The hacker claims he received a $40,000 bounty from the social network, and this seems to be the biggest financial reward the company has ever paid to a researcher. As The Reg puts it, the previous highest paid bounty was $33,500 for Reginaldo Silva, who also discovered a remote code execution bug.

Facebook hasn’t yet issued a statement regarding this bug, but given that a patch has already been released, there’s not much to say, except that everyone is safe and the exploit no longer works.