Image Credits: Bryce Durbin / TechCrunch
In October 2024, security researcher Ben Sadeghipour was analyzing Facebook's ad platform when he found a security vulnerability that allowed him to run commands on the internal Facebook server hosting that platform, essentially giving him control of the server.

After he reported the vulnerability to Facebook's owner Meta, which Sadeghipour said took just one hour to fix it, the social networking giant awarded him $100,000 in a bug bounty payout.

"My assumption is that it's something you may want to fix because it is directly inside of your infrastructure," Sadeghipour wrote in the report he sent to Meta, he told TechCrunch. Meta responded to his report, telling Sadeghipour to "refrain from testing any further" while they fixed the vulnerability.

The issue, according to Sadeghipour, was that one of the servers Facebook used for creating and displaying ads was vulnerable to a previously fixed flaw in the Chrome web browser, which Facebook uses in its ads system. Sadeghipour said this unpatched bug allowed him to hijack the server using a headless Chrome browser (essentially a version of the browser that runs from the command line, without a graphical interface) to interact directly with Facebook's internal servers.

Sadeghipour, who found the Facebook vulnerability while working with independent researcher Alex Chapman, told TechCrunch that online advertising platforms make for juicy targets because, "there's so much that happens in the background of making these 'ads' — whether they are video, text, or images."

"But at the core of it all it's a bunch of data being processed on the server-side and it opens up the door for a ton of vulnerabilities," said Sadeghipour.

The researcher said he didn't test out everything he could have done once inside the Facebook server, but "what makes this dangerous is this was probably a part of an internal infrastructure."
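The pattern described above is a server-side renderer (here a headless Chrome) that processes untrusted content and falls behind on browser patches, so a bug already fixed upstream becomes code execution on an internal host. The following is an added example, not code from the article, from Sadeghipour, or from Meta: a pre-flight check a team could run on its own render workers before they start, which (a) parses the installed Chrome version and refuses anything older than a patched floor, and (b) flags launch arguments that remove the isolation a server-side browser depends on. The version floor, the sample version strings and the sample launch command are all constructed for illustration; the article does not say which Chrome version or which flags Facebook's server was running.

```python
import re
import subprocess
from dataclasses import dataclass

# ASSUMPTION (illustrative only): the lowest Chrome/Chromium build a given
# deployment considers patched. Set this from your own patch tracking; the
# article does not disclose the affected version.
MIN_CHROME_VERSION = (120, 0, 0, 0)

# Launch flags that weaken the isolation a server-side renderer relies on.
# Each of these is a real Chromium switch; the risk text is the reviewer's note.
RISKY_FLAGS = {
    "--no-sandbox": "renderer runs outside the Chrome sandbox; a renderer bug becomes host code execution",
    "--disable-web-security": "same-origin policy disabled; rendered content can read internal origins",
    "--remote-debugging-port": "DevTools protocol exposed; anything that can reach the port drives the browser",
    "--disable-site-isolation-trials": "site isolation off; cross-site data can leak between renderers",
}


@dataclass
class Finding:
    severity: str
    message: str


def parse_chrome_version(version_output: str) -> tuple[int, ...]:
    """Turn 'Google Chrome 118.0.5993.70' or 'Chromium 125.0.6422.60' into a
    comparable tuple of four integers."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", version_output)
    if not match:
        raise ValueError(f"unrecognised version output: {version_output!r}")
    return tuple(int(part) for part in match.groups())


def audit_renderer(version_output: str, argv: list[str]) -> list[Finding]:
    """Return findings for a headless-browser render worker given the output
    of `chrome --version` and the argv it is launched with. An empty list
    means the worker passed both checks."""
    findings: list[Finding] = []

    version = parse_chrome_version(version_output)
    if version < MIN_CHROME_VERSION:
        findings.append(Finding(
            "high",
            f"Chrome {'.'.join(map(str, version))} is below the patched floor "
            f"{'.'.join(map(str, MIN_CHROME_VERSION))}; already-fixed browser bugs are live here",
        ))

    for arg in argv:
        flag = arg.split("=", 1)[0]  # '--remote-debugging-port=9222' -> '--remote-debugging-port'
        if flag in RISKY_FLAGS:
            findings.append(Finding("high", f"{flag}: {RISKY_FLAGS[flag]}"))

    return findings


def audit_live_binary(argv: list[str]) -> list[Finding]:
    """Convenience wrapper for a real host: run the binary in argv[0] with
    --version and audit the result. Not used by the offline sample below."""
    output = subprocess.run([argv[0], "--version"], capture_output=True, text=True, check=True).stdout
    return audit_renderer(output, argv)


if __name__ == "__main__":
    # Constructed sample: a stale build launched with the sandbox off and
    # DevTools exposed, the shape of worker the article's incident warns about.
    sample_version = "Google Chrome 118.0.5993.70"
    sample_argv = ["chrome", "--headless=new", "--no-sandbox",
                   "--remote-debugging-port=9222", "--disable-gpu"]
    for finding in audit_renderer(sample_version, sample_argv):
        print(f"[{finding.severity}] {finding.message}")
```

The check is deliberately conservative: it reports version and flag problems separately, because the article's point is that a single missed browser patch on an internal box was enough, regardless of how the process was otherwise configured. A team could wire `audit_renderer` into the worker's start-up and refuse to accept render jobs while any "high" finding is present.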
"Since we have code execution, we could've interacted with any of the sites within that infrastructure," said Sadeghipour. "With an [remote code execution vulnerability], you're able to bypass some of these limitations and also directly pull stuff from the server itself and the other machines that it has access to."

Meta spokesperson Nicole Catalano acknowledged receipt of TechCrunch's request for comment, but did not comment by press time.