Check Point Software disclosed details about a vulnerability found in Facebook Messenger, in both the online and mobile applications. Following Check Point’s responsible disclosure, Facebook promptly fixed the vulnerability.
Check Point Security Researcher Roman Zaikin discovered that the vulnerability allows hackers to control the Facebook chat and adjust the messages according to their needs, including deleting them and replacing text, links, and files.
There are a few potential attack vectors abusing this vulnerability, one of which could be used to distribute malware. These schemes could have a severe impact on users due to Facebook’s vital role in everyday activities worldwide.
You can also read the specifics here: http://blog.checkpoint.com/2016/06/07/facebook-maliciouschat/