An Egypt-based security researcher and trainer with Attack-Secure, Mohamed Ramadan, has discovered a critical vulnerability in the Facebook Camera app for iOS.
When the app is used over WiFi, the vulnerability allows attackers to tap the network and hijack user accounts, compromising information such as passwords and email IDs.
Versions of the app older than 1.1.2, released before December 21, were affected by the vulnerability. Make sure you have updated the app to version 1.1.2.
According to the researcher, the app accepts any SSL certificate from any source, even a malicious one, and this enables any attacker to perform a man-in-the-middle attack against anyone who uses the Facebook Camera app for iPhone.
"This means that the application doesn’t warn the user if someone in the same [WiFi network] is trying to hijack his Facebook account."