According to the researcher, who goes by the handle Lasq, the worm only seems to affect the mobile version of Facebook’s sharing dialog and popup. In other words, it’s a problem that is only active on both the Android and iOS ecosystems, and not the PC. Lasq also specifies that the vulnerability seems to be of a clickjacking nature, and that hackers were exploiting the IFrame element of Facebook’s mobile sharing dialog. For context, an IFrame is an HTML document that is embedded inside another HTML document.

Once verified, users were indeed redirected to the aforementioned comic. However, while they were reading the comic, the very same link would’ve simultaneously appeared on the person’s Facebook wall. Naturally, Lasq brought the issue with the code to Facebook, only for the social network to turn him away, citing that in order for the clickjacking to be considered a security issue, the code “must allow attacker to somehow change the state of the account.”

If there is a lesson to be learnt here, we’re guessing it’s not to simply click on just any link posted on your friend’s Facebook wall. More so if the link’s verification method is of a dubious nature. (Source: ZDNet)
