This time, the problem was one of confidentiality, not availability.
Simply put, he found that, if you had Facebook's Photo Sync feature turned on, then any app with permission to access photos on your phone could access your synced photos, too.
Photo Sync means that whenever you take photos with your phone (and that includes screenshots, by the way), Facebook's app automatically uploads them to Facebook's cloud in case you want to publish them online later.
We can't think why that's a good idea, but many people seem to find the feature useful because:
You get an automatic backup of every photo.
Uploaded photos are private by default, so they aren't visible to other people until you want them to be.
It makes it convenient to share photos later on.
Laxman's bug was the fact that apps other than Facebook's own could read those synced photos back from the cloud.
Obviously, if you've authorised an app to access the photos on your device, you have already accepted the risk of allowing that app to do unsavoury things with private snapshots you might take.
So this is not an earth-moving bug, but it's definitely a security hole.
Learn more:
- https://gustmees.wordpress.com/2014/11/25/digital-citizenship-social-media-and-privacy/
Learn more:
- https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/
- https://gustmees.wordpress.com/2014/11/25/digital-citizenship-social-media-and-privacy/