Facebook is susceptible to certain types of attacks that could allow someone to hijack an account while a user is interacting with another website, a security researcher warned on Monday.
Researcher Nitesh Dhanjani also warned that a design flaw in Facebook is granting third-party apps permission to access user profile data without express approval from users.
Facebook used to display a pop-up window when users added any third-party app, warning them that doing so would authorize the app to access their profile information and giving them a chance to change their mind before adding the app. But after a policy change, some apps can now choose to use a new implicit authorization feature that does not warn users that a third-party app is requesting their data, Dhanjani said.
For more, read "Researchers: Facebook vulnerable to clickjacking" on CNET News.