If your Facebook Camera app on your Apple device is older than version 1.1.2, which was released on December 21st, you have to update it immediately. A security loophole was spotted in the app, which could put you at risk from having your personal information stolen.
When you use the older version of Facebook Camera over WiFi networks, malicious hackers can infiltrate the network and hijack your account, picking up personal details such as email addresses and passwords.
Mohamed Ramadan, an Egypt-based white-hat hacker (someone who looks for security loopholes so it would be remedied) who has also found and reported vulnerable spots in Apple, Google, and Etsy. In an interview with TechCrunch, Ramadan explains that the bug is located in the Camera app’s Secure Sockets Layer (SSL) certification, which was too open.
“The problem is the app accepts any SSL certification from any source, even evil SSL certifications and this enables any attacker to perform Man in The Middle Attack against anyone uses Facebook Camera App for iPhone,” Ramadan says. “This means that the application doesn’t warn the user if someone in the same (WiFi network) trying to hijack his Facebook account.”
Meanwhile, Facebook has confirmed Ramadan’s discovery and has since been addressed in the 1.1.2 version, adding that there was no evidence the bug was “exploited in the wild.” Ramadan also received an unspecified amount of bounty for his “contribution to Facebook Security.”