- A security flaw present in Facebook’s ad platform has been fixed by Meta
- The researcher who discovered the flaw was awarded a $100,000 bug bounty
- The flaw allowed the researcher to successfully take control of a Facebook server
Meta has awarded cybersecurity researcher Ben Sadeghipour a bug bounty of $100,000 after he discovered a security vulnerability on Facebook’s ad platform in October 2024.
The flaw allowed Sadeghipour to run commands on the internal Facebook server which housed the platform, giving him control of the server.
According to Sadeghipour, the unpatched bug allowed him to hijack the server using a headless Chrome browser, which is a version of the browser users run from the computer’s terminal, to interact with Facebook’s internal servers directly.
Part of wider research
The flaw in the platform was connected to a server that Facebook used to create and deliver ads, which was vulnerable to a previously fixed flaw present in the Chrome browser, which Facebook uses in its ad system.
Sadeghipour told TechCrunch online advertising platforms are attractive targets because “there’s so much that happens in the background of making these ‘ads’ — whether or not they are video, text, or images.”
“But at the core of it all it’s a bunch of data being processed on the server-side and it opens up the door for a ton of vulnerabilities,” Sadeghipour said.
The researcher confirms he didn’t test out everything he could have once he was inside the server, though “what makes this dangerous is that this was probably part of an internal infrastructure.”
After reporting the vulnerability to Meta, the bug took just an hour to fix, Sadeghipour said, noting his discovery was part of ‘ongoing research on a specific application with a specific purpose’. This flaw in particular took him a few hours to identify, but Meta worked with him to quickly patch the bug and offered a bounty that was ‘way beyond’ expectations, he confirmed in a LinkedIn post.
Bug bounties have been on the rise recently, with Google significantly raising its rewards for researchers who take part in its program, so security research is getting more lucrative.