In the morning I told you that a rather dangerous vulnerability affects the Facebook application for iOS, but it can only be exploited on jailbroken terminals. Well, in the meantime, those from The Next Web they came up with new statements that make it clear that the vulnerability of that application can be exploited without a jailbreak and it is also present in the Dropbox application. Basically, a file inside these applications has the Facebook and Dropbox login information saved and that file can be taken from the terminal without jailbreak and if it is copied to another terminal that has the same applications installed, it can allow the user to log in to Dropbox or Facebook using your data.
After backing up his own plist and logging out of Facebook he copied mine over to his device and opened the Facebook app... My jaw dropped as over the next few minutes I watched posts appear on my wall, private messages sent, webpages liked and applications added . Scoopz then opened Draw Something on his iPad which logged him straight into my account where he sent some pictures back to my friends.
Although those from Facebook claim that only jailbroken terminals are affected, TNW claims that it tested the vulnerability and managed to access a Facebook account by simply copying from one terminal to another the file in which the login data were saved. The problem is that the respective data should have been encrypted, but Facebook and Dropbox chose to save them in a standard format and they are accessible to anyone, so anyone can steal your identity if you leave the terminal for a few minutes. There is currently no way to protect yourself against the theft of your Facebook/Dropbox account because application files can be accessed without problems, so be careful in whose hands you leave your terminals.
The worst part of the whole problem is that programs for Windows or even applications for Cydia could steal those files from you and send them to the servers of some hackers, so I recommend you to be extremely careful what you install in the next period.
