Facebook Inc. typically protects its users from malware by blocking executable files from being sent through its messaging feature. But its filter can be tricked with a tap of the spacebar, one security expert disclosed.
The information Facebook uses to detect executable files looks at the "filename" variable in the information being sent through its website,
By exploiting this flaw, a user could send malicious software via Facebook to steal other users' banking passwords or other sensitive information. The recipient does not have to be on the sender's friends list.
Facebook representatives did not have an immediate comment, the article said.