A mistake in Facebook Messenger causes people to talk to you.
In November, researchers discovered a Facebook error that allowed websites to extract data from users’ profiles because of the vulnerability. Today, the same team exposed a security vulnerability in Facebook Messenger that caused the person you’re chatting to show up.
In a blog post, Imperva security researcher Ron Masas explains how an attack can take advantage of the features of the iFrame elements to determine the status of an application. Executing this process with individual Messenger communications gives you one of two states that are full or empty, indicating whether a user is communicating with that person.
However, Mases helped Facebook realize the error and Facebook decided to completely remove all iFrames from the Messenger user’s surface. And this problem seems to have disappeared for now.
“Most of the industry is not aware of it”
“Browser-based channel attacks are still an issue that is overlooked.” “Most of the industry is still unaware, while big players such as Facebook and Google catch up with this issue.” by saying the words.