Skip to main content
0 Results Found
              Back To Results

                Facebook Messenger (iOS) Certificate Validation Vulnerability

                Dell SecureWorks Security Advisory SWRX-2016-001

                Advisory Information

                • Title: Facebook Messenger (iOS) Certificate Validation Vulnerability
                • Advisory ID: SWRX-2016-001
                • Date published: Tuesday, March 22, 2016
                • CVE: Not assigned
                • CVSS v2 base score: 5.8
                • Date of last update: Tuesday, March 22, 2016
                • Vendors contacted: Facebook, Inc.
                • Release mode: Coordinated
                • Discovered by: Sean Wright, Dell SecureWorks


                The Facebook social networking service includes a mobile application called Messenger that allows users to send private messages to their Facebook contacts. Although the application uses HTTPS to communicate with the backend servers, insufficient validation of the certificates returned by these servers leaves the application open to man-in-the-middle (MITM) attacks.

                Download the PDF: SWRX-2016-001

                PGP Signature

                Related Content

                Close Modal
                Close Modal