Earlier this week, Cynet reported a critical vulnerability that was spotted on Facebook. This hack, dubbed “Originull,” potentially affects millions of websites that use origin null restriction checks and exposes their visitors to malicious elements.
The vulnerability is a cross-origin bypass attack that lets an attacker use an external website to read a Facebook user’s private messages. The flaw affects Facebook’s mobile app as well as the website.
Usually, your browser protects you from such hacks by only allowing Facebook pages to fetch the information. However, due to this bug, Facebook opens a bridge that allows the subsites of the social network to access the information.
Ysrael Gurt, a security researcher at Cynet, discovered a flaw in the way Facebook manages the identity of these subsites. To exploit the flaw, a hacker needs to fool a Messenger user into visiting a malicious website.
Cynet has reported the issue to Facebook and they have patched this loophole.
The two-line technical summary of the hack states:
This meant that if we could cause the browser to send “null” in the “origin” header, we would get a “null” value in the “Access-Control-Allow-Origin.”
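The behaviour the summary describes can be seen from the server side. The following is an added example, not code from Cynet or Facebook: a hypothetical origin check that treats the literal "null" origin as trusted and echoes it back, next to an exact-match allowlist that never does. The example.com hostnames, the sample origins and all function names are assumptions made for illustration.

```javascript
// Added illustration; hostnames and function names are hypothetical.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://m.example.com",
]);

// Weak pattern: any subdomain is trusted by suffix match, and the literal
// "null" origin is let through and echoed back with credentials enabled.
function weakCorsHeaders(origin) {
  const trusted = /^https:\/\/([a-z0-9-]+\.)*example\.com$/;
  if (origin === "null" || trusted.test(origin)) {
    return {
      "Access-Control-Allow-Origin": origin,
      "Access-Control-Allow-Credentials": "true",
    };
  }
  return {};
}

// Hardened pattern: exact match against an allowlist of serialized origins.
// "null" is never echoed, and Vary: Origin keeps caches from mixing replies.
function strictCorsHeaders(origin) {
  const headers = { Vary: "Origin" };
  if (typeof origin !== "string" || origin === "null") return headers;
  let parsed;
  try {
    parsed = new URL(origin);
  } catch {
    return headers; // not a URL at all
  }
  // An Origin header carries scheme://host[:port] only; reject anything else.
  if (parsed.origin !== origin || !ALLOWED_ORIGINS.has(origin)) return headers;
  headers["Access-Control-Allow-Origin"] = origin;
  headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}

// Lists the origins (constructed sample values) a policy would let read
// credentialed responses.
function originsGranted(policy, origins) {
  return origins.filter((o) => policy(o)["Access-Control-Allow-Origin"] === o);
}

const SAMPLE_ORIGINS = ["https://app.example.com", "https://other.test", "null"];
console.log("weak:  ", originsGranted(weakCorsHeaders, SAMPLE_ORIGINS));
console.log("strict:", originsGranted(strictCorsHeaders, SAMPLE_ORIGINS));
```

Running the same comparison against a site's real CORS handler, with "null" included in the test origins, is a quick regression check for this class of bug.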