The chief technical officer of NETMYSOFT Laxman Muthiyan reported a critical issue in Facebook’s Rights Manager platform. The software is part of the suite of tools that the social network provides. The bug gives malicious users the ability to “freebot”, a term which is used to denote downloading pirated (illegal) copyrighted materials and upload them to other online services or file sharing platforms. The issue is caused by a permissions issue in the software. The Facebook team has amended the vulnerability.
The Facebook Rights Manager platform aids publishers and users who want to protect their content on Facebook.The Rights Manager lets the content providers to upload easily and maintain a reference library of video content, setup permission sets and rules and monitor for copyright infringement. The software also offers an extensive API that integrates well with various content management workflows and helps in managing larger libraries.
The security issue is caused by insufficient permissions checks in the tool. This exposes Facebook to unauthorized management and manipulation of reported pirated content. Once a user has gained approval by the tool it can be used to delete pirate copies available on the social network. The Rights Manager uses the Graph API which allows for third party access
As Facebook Rights Manager is part of the core platform it’s access token key allows the malicious users access to reported data content for every brand page available on the social network. The security expert adds that the tool has been white listed for some of the official pages of Facebook.
Laxman Muthiyan has disclosed the vulnerability to the social network and has been rewarded a bug bounty prize of 4000 dollars. The security is now patched by the relevant development team.