From PC Mag: A vulnerability affecting the Web version of Facebook Messenger may have exposed who you've been chatting with on that platform.
Imperva Security Researcher Ron Masas discovered the flaw and privately reported it to Facebook. The social network has already rolled out a fix.
"I started poking around the Messenger web application and noticed that iFrame elements were dominating the user interface," Masas wrote in a Thursday blog post. "I decided to record the iFrame count data over time for as many endpoints I could find, with the goal of uncovering interesting and detectable states."
He did notice an interesting pattern:
"When the current user has not been in contact with a specific user, the iFrame count would reach three and then always drop suddenly for a few milliseconds," Masas explained. "This could let [an attacker] remotely check if the current user has chatted with a specific person or business, which would violate those users' privacy."
View: Article @ Source Site
