
Facebook Photo uploader vulnerability


ALARM Group ALERT (ALARM, The Computing Alert System)


Alert Number:  020408-01
Alert Date:  02/04/08
Alert Title:  Facebook Photo uploader vulnerability
Update-to:  None.
OS/Platform/Application:  Facebook Photo Uploader versions earlier than 4.5.57.1 on applicable systems
Category:  ALERT
Severity:  MEDIUM
Attention:  System Administrators, Desktop Support Personnel, Facebook users

Summary:  Multiple Internet security resources are reporting a vulnerability in the photo uploader utility for Facebook.  The most likely exploitation mechanism is a user opening a maliciously crafted website, which could result in takeover of a vulnerable system.  An updated version of the uploader utility (4.5.57.1) is available from the vendor to address this vulnerability.

It is important to note that recent research into the nature and trends of malware has shown that the majority of websites hosting maliciously crafted software are in fact ones which users presume to be "legitimate" sites.  The fact that dangerous software may be hiding within seemingly innocuous websites is another reason why it is vitally important to patch all vulnerable software on any system as soon as patches are made available from the vendor.  In cases where a patch is not yet available, users should consider any website they visit and any media file they handle as a potential source of compromise for their computer systems.

Recommended Actions:  System administrators, support personnel and Facebook uploader users are encouraged to read the security advisories (safe links provided below) and (if appropriate) apply the upgrade at their earliest convenience.

Readers are encouraged to share this alert with family, friends, and associates who may use Facebook on their home computers.

ITS Actions:  N/A

Resources:

FrSIRT Advisory (NOTE: this advisory includes a direct download link for the updated version of software):
http://www.frsirt.com/english/advisories/2008/0391


ComputerWorld article detailing changes in the nature of maliciously crafted websites:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9058599

 


Information Technology Services
University at Albany, SUNY
1400 Washington Avenue
Albany, NY 12222
ITS Service Centers:  518-442-4000
 