Trend Micro: Facebook, MySpace Hit by Zero-Day Flaw
February 2008 by Trend Micro
Social networking most commonly translates to connections and even friendships online. Yet recent trends also point users toward system infection – with the ever growing number of subscribers to networking sites also comes a growing number of threats.
Just a month ago, Facebook’s Secret Crush feature was discovered to be loading adware and spyware. Almost at that same time, MySpace was compromised when it was found to be laced with banner ads that install malicious files and programs.
Now, a vulnerability in the image uploader used by MySpace and Facebook was recently discovered by security researchers, bringing about issues of the possibility of exploits and malicious users gaining access to affected systems.
Aurigma’s Image Uploader Control Library was found to have a buffer overflow vulnerability that could be exploited by an unknown user to compromise systems. MySpace and Facebook use the application for their image uploading functions. Researchers are still trying to determine if only a version of the image downloader application had the ActiveX boundary error and if the said social networking sites are using secure versions.
Trend Micro advises users to stand by for patches that would address this said vulnerability. Meanwhile, setting Internet and Local intranet security zone settings to “High” before running ActiveX controls in these zones will prove to be helpful in making one’s system more secure.