Skip to main content

Facebook squashes bug that let anyone delete any picture or animation

Facebook 3D posts
Image used with permission by copyright holder
If you’re putting your life out there on Facebook, then you’re probably hoping your priceless images remain around for all posterity. At the very least, you want to be the one to remove them from the site should you decide they contradict your recent conversion to Buddhism. Fortunately for you and every other Facebook user, a bug was discovered and fixed that would have allowed anyone to easily delete your pictures and animated GIFs.

As reported by Security Week, the flaw was identified by Iranian security researcher Pouya Darobi, who was taking a look at a new Facebook polling feature and discovered a simple method for deleting any image or animation posted on Facebook. Thanks to Facebook’s generous bug bounty program, which put $10,000 in Darobi’s bank account, the bug was promptly reported and Facebook implemented a temporary fix on November 3, the day the bug was reported. A permanent fix came out on November 5.

At the heart of the program was a new polling feature that Facebook rolled out at the beginning of November. The feature allows users to create polls and add pictures and GIF animations. The poll creation process generates code that includes the unique image identification number for each picture and animation that is included with the poll.

If the poll post was subsequently deleted, then the images were deleted as well. The problem was caused by the ability to replace the image ID in the code with that of any other image on Facebook, including images owned by other users. Deleting the post deleted those images as well.

This is not the first bug that allowed users to delete Facebook materials. Other bugs have been discovered by researchers, like Darabi, that allowed the deletion of comments, videos, and photos. Like this bug, the method in many instances revolved around simply replacing the asset ID.

Darabi has made a pretty penny reporting bugs to Facebook, with a bug reported in 2015 that netted him $15,000 from the social media giant and $7,500 for another bug reported in 2016. All told, Facebook has shelled out well in excess of $5 million in its bug bounty program. It’s enough to make you want to spend some time locking down your Facebook account.

Editors' Recommendations

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
Facebook admits to Messenger Kids security flaw but insists it’s fixed
unicef global innovations children youth summit kids using a tablet

Facebook missed a troubling design flaw in its Messenger Kids app that allowed children to communicate with users who hadn’t been approved by their parents.

The social networking giant launched the app in 2017, touting it as a way for children under 13 to “safely video chat and message with family and friends.” Parents set up Messenger Kids by authorizing it through their own Facebook account and then selecting the users with whom they’re happy for their child to connect.

Read more
Microsoft Surface Laptop 5, Surface Pro 9 heavily discounted today
The Surface Pro 9 in laptop mode on a table.

Microsoft's Surface devices are well known for their versatility and performance, but they command premium prices. That's why there's always high demand for Surface Laptop and Surface Pro deals, as who doesn't want to enjoy a discount when making a huge investment? If you're interested, Best Buy is offering the Microsoft Surface Laptop 5 at $300 off, which brings its price down to $1,000 from $1,300, and the Microsoft Surface Pro 9 at $540 off, which lowers its price also to $1,000 from $1,540, ahead of the arrival of the consumer versions of the Surface Laptop 6 and Surface Pro 10. You need to push through with your transaction as soon as possible if either of these bargains caught your attention, as we're not sure how much time is remaining before they disappear.
Microsoft Surface Laptop 5 -- $1,000, was $1,300

The Microsoft Surface Laptop 5 is a traditional Windows 11 laptop that's powered by the 12th-generation Intel Core i5 Evo processor, Intel Iris Xe Graphics, and 8GB of RAM. It won't match up to the performance of the best laptops, but it's going to be more than enough to handle daily tasks for work or school. The laptop features a 13.5-inch PixelSense touchscreen with vibrant colors and sharp details, a battery that can last up to 18 hours on a single charge, and a 512GB SSD that provides ample storage space for your files. The Microsoft Surface Laptop 5 also comes with a 720p webcam and dual far-field Studio Mics for clear video calls.

Read more
The best MacBook to buy in 2024
Apple MacBook Pro 16 downward view showing keyboard and speaker.

Now that Apple has started outfitting its laptops with its M3 generation of chips, it's time to take another look at which is the best MacBook to buy in 2024. That’s not always easy, though, as buying the newest MacBook isn’t always the right decision. Apple has several tiers of performance, as well as various sizes, which can further complicate the matter.

What’s more, you can also still get M1 and M2 MacBooks, some from Apple’s own website and some from third-party retailers. But are they still worth your money? Our guide should help you decide.

Read more