by melville_X
4438 days ago
Most important is this line which demonstrates not only does the attacker need to social engineer a user, it has to be done via a vulnerable website:

> The patch of this vulnerability is easier said than done. If all the third-party applications strictly adhere to using a whitelist. Then there would be no room for attacks. However, in the real world, a large number of third-party applications do not do this due to various reasons.

Facebook, etc. aren't insecure directly, their 3rd party partners are for not implementing a URL whitelist. This website chose to bury that fact. This explains why Facebook is aware of the issue and did not address it.