Skip to main content
  1. Home
  2. Computing
  3. News

Facebook squashes bug that let anyone delete any picture or animation

By

If you’re putting your life out there on Facebook, then you’re probably hoping your priceless images remain around for all posterity. At the very least, you want to be the one to remove them from the site should you decide they contradict your recent conversion to Buddhism. Fortunately for you and every other Facebook user, a bug was discovered and fixed that would have allowed anyone to easily delete your pictures and animated GIFs.

As reported by Security Week, the flaw was identified by Iranian security researcher Pouya Darobi, who was taking a look at a new Facebook polling feature and discovered a simple method for deleting any image or animation posted on Facebook. Thanks to Facebook’s generous bug bounty program, which put $10,000 in Darobi’s bank account, the bug was promptly reported and Facebook implemented a temporary fix on November 3, the day the bug was reported. A permanent fix came out on November 5.

Recommended Videos

At the heart of the program was a new polling feature that Facebook rolled out at the beginning of November. The feature allows users to create polls and add pictures and GIF animations. The poll creation process generates code that includes the unique image identification number for each picture and animation that is included with the poll.

If the poll post was subsequently deleted, then the images were deleted as well. The problem was caused by the ability to replace the image ID in the code with that of any other image on Facebook, including images owned by other users. Deleting the post deleted those images as well.

This is not the first bug that allowed users to delete Facebook materials. Other bugs have been discovered by researchers, like Darabi, that allowed the deletion of comments, videos, and photos. Like this bug, the method in many instances revolved around simply replacing the asset ID.

Darabi has made a pretty penny reporting bugs to Facebook, with a bug reported in 2015 that netted him $15,000 from the social media giant and $7,500 for another bug reported in 2016. All told, Facebook has shelled out well in excess of $5 million in its bug bounty program. It’s enough to make you want to spend some time locking down your Facebook account.

Topics
Mark Coppock
Mark Coppock
Computing Writer
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…

Editors’ Recommendations

Watch Tesla’s humanoid robot pull some snappy dance moves
Tesla's humanoid robot dancing.

Tesla has shared a new video showing its Optimus humanoid robot pulling some rather impressive dance moves.

While the nifty footwork might not be much use for the industrial settings that the robot is destined for, the 60-second clip effectively showcases its increasing agility and lifelike range of motion.

Read more
No, a lifetime VPN subscription doesn’t mean ‘your’ lifetime
iPhone with VPN service enabled in hand over a blurred background

Folks who signed up for al lifetime subscription with VPN provider VPNSecure have been discovering the true definition of “lifetime” when it comes to such deals. And it’s not the one they'd hoped to hear.

After new owners took over the company, these particular customers recently had their lifetime subscriptions canceled. The new operator of VPNSecure told them that it didn’t know about the lifetime deals when they acquired the business, adding that it was unable to honor them.

Read more
SanDisk’s latest drive sets new benchmark for consumer NVMe SSDs
The SanDisk WD Black SN8100 PCIe Gen 5 SSD with and without heatsink variants

SanDisk has officially introduced the WD Black SN8100, its latest high-end PCIe Gen 5 NVMe SSD targeting PC enthusiasts, gamers, and professional users. With sequential read speeds of up to 14,900 MB/s and write speeds of 14,000 MB/s, the drive sets a new bar for consumer SSD performance, surpassing some of the best NVMe SSDs currently on the market, including the Crucial T705. 

The SN8100 uses a standard M.2 2280 form factor and is available in capacities of 1TB, 2TB, 4TB, and 8TB. It’s worth noting that the 1TB model offers lower write speeds, up to 11,000 MB/s, compared to the higher-capacity versions, which reach up to 14,000 MB/s. 

Read more