Web designer and developer Gareth Wright has discovered security vulnerabilities in Facebook’s app for iOS and Android devices, reports MacRumors.com.
The flaw allows malicious users to access login credentials that are located in a .plist file connected to the app and use them to login to the stolen account on a different device.
While Facebook states that this vulnerability only affects lost or jailbroken devices, Wright and The Next Web have confirmed that unmodified devices could be at risk if they’re plugged into a compromised computer or accessory.
The Next Web has also uncovered a similar issue with the Dropbox app for iOS.
Read more here.