By Brian Donohue

Late last week the social networking giant Facebook patched a particularly voyeuristic security vulnerability in the platform that could have given malefactors the ability to remotely turn on the webcams of other users and post videos to their profiles, according to a Bloomberg News report. The vulnerability was discovered in July by the Indian security firm XY Sec. The firm’s founders, Aditya Gupta and Subho Halder told Bloomberg that Facebook must have considered the bugs serious because they paid XY Sec five times the typical $500 bug bounty price. On his personal website, Gupta said the issue arose from a problem in Facebook’s video upload feature. Evidently Facebook did not have, in Gupta’s words, “proper security checks enforced.” If exploited, it would have given an attacker the ability to secretly record video using another user’s webcam and post that content to the victim’s wall without their knowledge. [HSEC-1.8; Date: 31 December 2012; Source: http://threatpost.com/en_us/blogs/facebook-patches-webcam-snooping-vulnerability-123112]