Facebook has fixed a security vulnerability that could be exploited by an attacker to record video from a victim’s webcam and then post it to their timeline without requesting their permission. The vulnerability was not properly protected against cross-site request forgery (CSRF) attacks. Researchers Aditya Gupta and Subho Halder received a $2,500 reward as part of Facebook’s bug bounty programme. The two are happy with the outcome, as the reward paid out by Facebook for reporting the vulnerability proved to be significantly more than expected.”]