Just clicking on the link to one of the applications that were taking advantage of the bug would allow the auto-posting to happen, Facebook said on Tuesday. The apps, which appeared to be sending people to a survey web site, were disabled on Monday.
"Earlier this week, we discovered a bug that made it possible for an application to bypass our normal CSRF (cross-site request forgery) protections through a complicated series of steps. We quickly worked to resolve the issue and fixed it within hours of discovering it," Facebook said in a statement. "For a short period of time before it was fixed, several applications that violated our policies were able to post content to people's profiles if those people first clicked on a link to the application."