It was possible to override the main UI of Facebook for Android (FB4a) by launching the activity FbMainTabActivity with additional extras, which caused a new music bar to be attached across the bottom of the screen.
Launching Internal & Non-Exported Deeplinks On Facebook

ShazLocate! Abusing CVE-2019-8791 & CVE-2019-8792
I found a vulnerability in the popular Shazam application that allowed an attacker to steal the precise location of a user simply by clicking a link! This was probably one of my most underrated vulnerabilities yet..
Downloading any file via Facebook for Android - $750 bounty
The Facebook Android app utilises deeplinks throughout the whole application. I stumbled upon a deeplink which opens any given video URL in your default media app, expected...
Making the Facebook app more secure - $8500 bounty
Whilst working on the Facebook Bug Bounty Program in June 2018 we had identified an issue with the WebView component used in the Facebook for Android application. The vulnerability would allow an attacker to execute...