This Facebook Vulnerability Allowed Anyone To Delete Your Photos

Bug in Facebook allowed to delete any photo  This just-disclosed Facebook bug would have allowed anyone with a bit of technical know-how to delete any photo on the social media platform.  Discovered by an Iranian web developer, Pouya Darabi earlier this month, the vulnerability resides in Facebook’s new Poll feature. He quickly reported the bug to Facebook on November 3, which was patched by them on November 5. Darabi in return received a $10,000 bounty from Facebook for preventing potential damage to both users as well as the social media giant’s reputation in general.  Earlier this month, Facebook had launched a new Poll feature for posting polls that include images and GIF animations. In this feature, users can ask a question and then add two images that their friends and followers can choose from. When the user creates a poll, the ID number of the images used is sent along.  According to Darabi, he analyzed the traffic and found that when the user created a survey, a request was sent to the Facebook servers, including the file IDs of the images or gif URL attached to the polling, which anyone could easily replace the image ID in the request with the ID of any photo on Facebook and that photo would appear in the poll.