Back in September, a security researcher wrote about discovering a flaw in Facebook’s messaging system. In order to bypass the filter that would prevent users from attaching executable files in attachments: all you had to do was rename the executable file with an additional “space” after the .exe. Facebook will then gladly accept the file and send it off to the recipient just like that.
The Facebook team was informed about the bug, which they then denied as being an issue – so they left it unfixed. It’s been about a month the bug was reported, and now we’re happy to report that Facebook has quietly fixed the problem. While Facebook didn’t acknowledge it, users no longer can attach executable files to their messages using the aforementioned method.
While the issue was reported on a number of tech blogs online and Facebook took its sweet time to fix it, I guess we’re pretty fortunate that it wasn’t majorly exploited by hackers or people who wanted to spread malware around. Find out more.
. Read more about