For those of you that use the Facebook Camera app, there is a new update that you will want to be sure to apply. There is a vulnerability in the previous version that makes it possible for someone connected via wifi to have their account hijacked by someone sharing that network. In other words, someone using the older Facebook Camera app could be affected while they were connected a public, unsecured wifi connection like at their friendly local coffee shop or in a hotel or airport.
Researcher Mohamed Ramadan has discovered that the Facebook Camera app did not perform sufficient SSL authentication, and it would not warn the user if someone were trying to hijack their account. Other Facebook-related apps do not have this problem. Facebook Camera app version 1.1.2 fixes this vulnerability, and it’s currently available in the App Store.
There have been no reports of this vulnerability being exploited in the wild, but it’s best to err on the side of caution, especially now that the details have been made public. And using unsecured public wifi always carries risks beyond those posed by one app. This article has tips on how to protect yourself if you choose to use public wifi.