Indian Technology News

Facebook awards $10,000 for finding bug in its Android app

October 6, 2020


A security researcher has found a vulnerability in the download feature of Facebook's Android app that could be exploited to launch remote code execution (RCE) attacks. The social networking giant awarded the researcher $10,000 for finding the bug.


Facebook’s Android app uses two methods of downloading files from a group — a built-in Android service called DownloadManager and a second method called Files Tab.



Security researcher Sayed Abdelhafiz discovered a path traversal flaw in the second method.


“I discovered an ACE on Facebook for Android that can be triaged through a download file from group Files Tab without opening the file,” he said in a post on Medium.


The vulnerability was in the second method. While security measures were implemented on the server side when uploading the files, it was easy to bypass those.


“First idea that came to my mind was to use path traversal to overwrite native libraries which will lead to executing arbitrary code,” Abdelhafiz said.


Abdelhafiz explained how the Files Tab flaw could be used to launch RCE attacks against a target device.


The vulnerability in the Files Tab has now been fixed.
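
The report says the server-side upload checks could be bypassed, so the client that writes the file is where a traversal has to be stopped. The following is an added example, not Facebook's code or its fix: a client-side check that resolves a server-supplied file name and refuses any name that would land outside the download directory. The class name, directory name and sample file names are constructed for illustration.

```java
import java.io.File;
import java.io.IOException;

public class SafeDownloadPath {

    /**
     * Resolve a server-supplied file name inside downloadDir and refuse
     * any name that would be written anywhere else.
     */
    static File resolve(File downloadDir, String untrustedName) throws IOException {
        if (untrustedName == null || untrustedName.isEmpty()
                || untrustedName.indexOf('\0') >= 0) {
            throw new SecurityException("invalid file name");
        }
        File base = downloadDir.getCanonicalFile();
        // Canonicalisation collapses ".." segments and follows symlinks,
        // so the result is the location that would really be written.
        File target = new File(base, untrustedName).getCanonicalFile();
        // Only flat names are accepted: the parent of the resolved file
        // must be the download directory itself.
        if (!base.equals(target.getParentFile())) {
            throw new SecurityException("file name escapes download directory");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: one ordinary name and three that must be refused.
        File dir = new File(System.getProperty("java.io.tmpdir"), "group_files");
        dir.mkdirs();
        String[] names = {
            "report.pdf",
            "../../lib/libexample.so",
            "sub/dir/notes.txt",
            "/etc/hosts"
        };
        for (String name : names) {
            try {
                System.out.println("OK      " + resolve(dir, name));
            } catch (SecurityException e) {
                System.out.println("REJECT  " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only `report.pdf` is accepted; the other three names resolve to a parent other than the download directory and are rejected before anything is written.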


In June this year, Ahmedabad-based security researcher Bipin Jitiya won Rs 23.8 lakh ($31,500) from Facebook for identifying a bug in its social networking platform and a third-party business intelligence portal.


Jitiya, 26, identified an internal blind Server-Side Request Forgery (SSRF) vulnerability in the source code of a publicly accessible endpoint, built using tools from MicroStrategy, that performed custom data collection and content generation.


MicroStrategy has partnered with Facebook on data analytics projects for several years. Jitiya reported the bug to MicroStrategy's security team, who acknowledged it, saying the issue has been mitigated.


In May, 27-year-old Indian security researcher Bhavuk Jain received $100,000 (over Rs 75.5 lakh) from Apple for discovering a now-patched zero-day vulnerability in the Sign in with Apple account authentication.


The zero-day vulnerability could have allowed a hacker to break into the accounts of Apple users who log into third-party apps like Dropbox, Spotify, Airbnb and Giphy (now acquired by Facebook) and more.


–IANS



(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)




Credit: www.business-standard.com
