Security researchers have discovered a Zero-day in Facebook that can allow the hacker to take over any page on Facebook.
Nowadays, Facebook has been becoming a preeminent medium for small and medium businesses to advertise their products to a wider customer base. the essence of Facebook is the main page of the Facebook which permits brands, businesses, organizations and public figures to list their product/services and move out to their target readers. Anybody with the account can design the page and reach out to their proposed buyers who will like the facebook page if it entertains them. Following the page gets programmed updates on his/her News Feed.
An Indian security researcher has uncovered a zero-day in the Facebook Page which enabled him to seize any FB Page referring to any group. Arun Sureshkumar identified a zero-day in how the Facebook manages offers for its business accounts. Arun has expressed his bug results on his Blogspot where he says he can hack Facebook Page referring to anybody like President Obama, Prime Minister Modi etc.
Facebook Business Manager grants businesses more securely share and manage access to their ad accounts, Pages, and other assets on Facebook. Anyone in a business can view all of the Pages and ad accounts they work on in one place, without giving login information or being attached to their coworkers on Facebook.
Arun saw that he could beat Facebook into licensing to reach any Facebook Page through its Business Manager zero-day using Insecure Direct Object References vulnerability.
Bounty of $16,000 has been bestowed
Arun notified Facebook about the vulnerability and the FB Security Team confirmed that the zero-day is very crucial. Facebook momentarily patched the defect by eliminating the end-point and then published an update to simply patch the zero-day in a week. Arun was paid $16,000 for his bug discovery.