A year after Facebook received a bug report regarding a loophole in its app architecture, the vulnerability remains exploitable, says the researcher who discovered this potential threat to user privacy. Through this exploit, apps can post to a user’s Facebook wall and, on behalf of the user, to their friends’ walls – without the user’s consent. Facebook says it has countered this loophole with automated systems that monitor for abuse. Facebook: “Facebook may not be properly doing access control checks; they are considering user-developed apps having SSO access token to be ‘fully trusted’”
Source: https://www.cuinfosecurity.com/is-facebook-flaw-still-unpatched-a-7619

