Facebook has fixed a vulnerability in its Android app, which could allow an attacker to cause a denial-of-service on a device or transfer large amounts of data to and from the device, incurring large data charges.
According to Threatpost, the flaw existed in the way that the Facebook app handled HTTP requests as the server will accept requests from any client, which leads to the vulnerability.
The update from Facebook also fixes a pair of other vulnerabilities in the Facebook app, one that could allow an attacker to intercept video content in some circumstances and another that could disclose audio recordings of chat messages. The latter vulnerability also affects Facebook Messenger for Android.