Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’
Researcher shows how Instagram and Facebook’s use of an in-app browser within both its iOS apps can track interactions with external websites.
Stay informed on the latest Facebook security updates and protect your personal data with expert analysis and tips on our Information Security tag.
Search across headline titles and summaries.
Background for this topic.
Facebook is a social networking platform for user profiles, messaging, groups, pages, and content sharing, delivered through web and mobile clients and interfaces for third-party applications. Its security relevance comes from concentrating identity, relationships, communications, and personal data in a connected account ecosystem; compromise can expose private content or enable impersonation and targeted social engineering.
Security coverage includes vulnerabilities in Facebook’s clients, APIs, authentication, and account-recovery workflows, along with abuse of messages, groups, applications, and advertising features to distribute phishing or malicious links. Practitioners should distinguish platform flaws from credential theft or fraudulent content, assessing advisories by affected component, exploitability, and required updates. Privacy controls and third-party permissions reduce exposure but do not replace unique credentials, multi-factor authentication, session review, and prompt reporting; investigations may also require platform logs and preserved account or message evidence.
Weekly headline count for the current query.
Researcher shows how Instagram and Facebook’s use of an in-app browser within both its iOS apps can track interactions with external websites.
Newly discovered malware linked to Vietnamese threat actors targets users through a LinkedIn phishing campaign to steal data and admin privileges for financial gain.
Instances of phishing attacks leveraging the Microsoft brand increased 266 percent in Q1 compared to the year prior.
One well crafted phishing message sent via Facebook Messenger ensnared 10 million Facebook users and counting.
Threat actors target Office 365 and Google Workspace in a new campaign, which uses a legitimate domain associated with a road-safety center in Moscow to send messages.
Can we trust web browsers to protect us, even if they say “https?” Not with the novel BitB attack, which fakes popup SSO windows to phish away credentials for Google, Facebook and Microsoft, et al.
Can we trust web browsers to protect us, even if they say “https?” Not with the novel BitB attack, which fakes popup SSO windows to phish away credentials for Google, Facebook and Microsoft, et al.
The trojanized Craftsart Cartoon Photo Tools app is available in the official Android app store, but it's actually spyware capable of stealing any and all information from victims' social-media accounts.
The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that's found in a massive number of VoIP implementations.