Facebook fixed an Instagram cross-site reference forgery (CSRF) first reported 22 August.
Freelance security researcher Christian Lopez Martin first found the vulnerability, which allowed access to users’ photos and information by making their private profiles public.
The service’s lack of a mechanism to prevent CSRF attacks allowed Martin to create a simple CSRF exploit. Facebook deployed a fix on 6 September 2013, but Martin found a way to bypass that too. After yet another ineffective fix, a final patch fixed the problem 4 February 2014.
Click here for more information.