Dzmitry Lukyanenka (@Vulnano)

Title	Vulnerabilities	Programs	Authors
Meta Quest: Attacker could make any Oculus user to follow (subscribe) him without any approval	IDOR Broken Authorization	Meta / Facebook	Dzmitry Lukyanenka (@Vulnano)
React debug.keystore key was trusted by Meta(Facebook) which caused to Instagram account takeover by malicious apps.	Account Takeover Android	Meta / Facebook	Dzmitry Lukyanenka (@Vulnano)
Facebook Messenger for MacOS contained valid hardcoded FB access token (employee's token?)	Hardcoded Credentials	Meta / Facebook	Dzmitry Lukyanenka (@Vulnano)
Global grant uri in Android 8.0-9.0 (2018 year)	Broken Authorization	Google	Dzmitry Lukyanenka (@Vulnano)
Facebook Messenger server random memory exposure through corrupted GIF image	Information Disclosure	Meta / Facebook	Dzmitry Lukyanenka (@Vulnano)

Page 1 of 1