A security researcher has discovered a vulnerability in Facebook s messaging system that could allow an attacker to send executable attachments to anyone on the popular social network. The vulnerability is such that an attacker doesn t necessarily need to be friends with the person to whom he sends the message. Facebook acknowledged the flaw on Oct. 26, and Power publicly disclosed it on Oct. 27. By design, Facebook users aren’t supposed to be able send executable file attachments via Facebook messaging (trying to do so results in an error message)
Source: https://threatpost.com/facebook-flaw-allows-users-send-executables-102811/75815/