Facebook Uploader Up to No Good

Dennis Faas's picture

Love Facebook? Many do. The social networking site can officially be proclaimed the web's new number one phenomenon, drawing the young and old into a complex and entertaining framework that employs concepts from dating to games to, of course, photos. Unfortunately, all that popularity makes it a dangerous place -- a bit like downtown NYC -- and vulnerable to some pretty significant flaws. (Source: itbusiness.ca)

According to security analyst Elazar Broad, another critical vulnerability has been discovered in Facebook's Aurigma ImageUploader control. It's not the first problem to affect this particular control; in a statement, Broad said, "The control is vulnerable to a stack-based buffer overflow in the ExtractExif and ExtractIptc properties. See the exploit code for buffer offsets. Other properties may be vulnerable as well to a DoS and/or code execution." (Source: zdnet.com)

Granted, that sounds like a whole lot of mumbo jumbo to the average Facebook user. Understand that it's very similar to other issues that have been bubbling to the surface on the site of late, including a flaw discovered last week that allowed attackers to nail a Windows-based system through rigged web pages.

Security experts are offering up a pair of possible fixes for this problem in particular. Users can disable the uploader tools involved in the flaw, or go ahead and completely disengage the ActiveX component. Given the number of problems with this control in recent weeks, it seems the security gurus are leaning towards the latter.

With Facebook now being utilized as both a personal and business tool, these kinds of threats are almost sure to multiply.
