All Articles

Tech Editorials #Advisory #CVE #RCE #Facebook #BugBounty

How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM

orange

2020-09-12

This post is about my research this March, in which I found vulnerabilities in a leading Mobile Device Management product and bypassed several limitations to achieve unauthenticated RCE. All the vulnerabilities have been reported to the vendor and were fixed in June. After that, we kept monitoring large corporations to track the overall fixing progress and then found that Facebook didn't keep up with the patch for more than 2 weeks, so we dropped a shell on Facebook and reported it to their Bug Bounty program!