The popular security expert Nir Goldshlager, Founder/CEO of Break Security, found a serious vulnerability that allows attackers to post spoofed messages from any application on Facebook such as Spotify, Skype and Pinterest. The vulnerability is still unfixed today and it makes possible data spoofing from any Facebook app. Using injection techniques the attackers could elude security mechanisms and hijack a Facebook account with serious repercussion on users privacy. Facebook eliminated the stream.publish option, instead opting for a Feed Dialog to publish app activity.”]
Source: https://securityaffairs.co/wordpress/14474/hacking/how-to-hack-facebook-apps.html

