A new bug in Facebook allows deleting public photos from the social network with mere four lines of codes. The new bug was spotted by a Laxman Muthiyah, who claims to have found a way to tweak codes to delete public images on the social network.
Laxman Muthiyah says he found the bug while playing around Facebook's Graph API, used to build Facebook apps.
“I decided to try it with Facebook for mobile access token because we can see delete option for all photo albums in Facebook mobile application isn't it? Yeah and also it uses the same Graph API. so took a album id & Facebook for android access token of mine and tried it,” writes Laxman Muthiyah in his blog.
“OMG :D the album got deleted! So i got access to delete all of your Facebook photos (photos which are public or the photos i could see)”
However, Muthiyah immediately reported the bug to Facebook's security team, which quickly fixed the bug in less than 2 hours from the acknowledgment of the report. Here's the video in which he explains how he was able to delete the Facebook public photo:
Facebook is no stranger to bugs and security vulnerabilities. The social networking company runs a Facebook Security's Bug Bounty program that provides recognition and compensation to security researchers practicing responsible disclosure.
Popular messaging app WhatsApp also suffered a bug related to photos. The bug discovered in WhatsApp allows strangers to see users profile photos, even when set to be viewable to friends only, according to security researchers. Read: Security bug in WhatsApp shows private pictures to strangers