The Egyptian engineer from Luxor, Mohamed Abdel-Ati, succeeded in discovering security flaws on the “Facebook” site, and the site’s management rewarded him and was placed on the honor list for security researchers for the year 2020.
Eng. Mohamed Abdel-Ati confirmed that he was honored after discovering a security problem in one of the infrastructure elements that the company uses, which allows extracting some information about the internal system of Facebook servers. He said that he informed the website management about the vulnerability during the ban period due to the Corona epidemic, as he communicated with the “Facebook” team more than once to review the technical details of the vulnerability carefully before the vulnerability was closed and registered in the honor list.
It is worth noting that “Facebook” is one of the sites that allow vulnerability discoverers to search for vulnerabilities in it and inform them of the site without harmful exploitation to the site or users. The vulnerability finders are included in an honor list that is updated annually. Abdel-Ati indicated that he had previously reported various vulnerabilities on the “Facebook” site, which is the fourth time his name has been included in the honor list.
The Egyptian security researcher, Sayed Abdel Hafeez, had found a security flaw in the feature of downloading the “Facebook” application on the Android platform, which could be exploited to launch attacks and execute remote code (RCE), which prompted Facebook to grant this researcher 10 thousand A dollar for finding the bug. The Facebook app on Android uses two methods to download files from a group – a built-in Android service called DownloadManager and a second method called the Files Tab.
According to the Indian website “TOI”, Abdul Hafeez discovered a bug in the download process in the second way, and said in a post on Medium: “I discovered an ACE error on Facebook for the Android system that can be sorted through a download file from the Files Tab group without opening the file, and it was The vulnerability in Method 2, and while server-side security measures were implemented when uploading files, it was easy to bypass.
These were the details of the news An Egyptian engineer discovers a security vulnerability in “Facebook” … and... for this day. We hope that we have succeeded by giving you the full details and information. To follow all our news, you can subscribe to the alerts system or to one of our different systems to provide you with all that is new.
It is also worth noting that the original news has been published and is available at saudi24news and the editorial team at AlKhaleej Today has confirmed it and it has been modified, and it may have been completely transferred or quoted from it and you can read and follow this news from its main source.