A year after Facebook received a bug report regarding a loophole in its app architecture, the vulnerability remains exploitable, says the researcher who discovered this potential threat to user privacy. Facebook says it has countered this loophole with automated systems that monitor for abuse. An independent Indian security researcher says, “Facebook may not be properly doing access control checks; they are considering user-developed apps having SSO access token to be ‘fully trusted’. Facebook is now counting on a number of automated, behavior-based monitoring systems to safeguard against such abuse.”
Source: https://www.databreachtoday.com/is-facebook-flaw-still-unpatched-a-7619

