The security hole was discovered by a Moroccan security researcher

Jan 3, 2014 11:42 GMT

Moroccan security researcher Souhail Hammou has identified and reported an open redirect vulnerability on the mobile version of Facebook’s “How are you feeling?” page.

“The attacker can take users without any warning from Facebook to malicious websites that can exploit Java/Browser vulnerabilities or he can simply take them to download malware,” the researcher has told me in an email.

An attacker simply needed to convince his victims to click on a maliciously crafted link in order to lure them to any website.

Hammou reported the security hole to Facebook around three months ago. The social media company confirmed fixing the issue on December 31, 2013. The expert has been paid an undisclosed amount of money for finding the vulnerability.

Check out the video published by the researcher to see how the attack worked.