Google Fixes Comment Cloning Vulnerability In YouTube; Flaw Discovered By Egyptian Researcher

April 30, 2015


Google has fixed a flaw in YouTube, which was discovered by an Egyptian security researcher. The vulnerability allowed anyone to move or copy comments from one video to another without any user-interaction.

On April 15, Ahmed Aboul-Ela wrote on his blog that he and his friend, Ibrahim Mosaad, discovered the flaw that allowed them to duplicate or copy any comments from one video on YouTube to other. He noted that it was discovered while they were testing the features of reviewing comments.

Explaining the flaw, he said that “the author of the comment does not get notified that his comment is copied onto another video nor does the original comment from the original video get removed.” The flaw could be used to make a good video unpopular, and to copy any celebrity’s or public figure’s comment and paste it on their videos.

Aboul-Ela added that Google had awarded him $3,133, which is the maximum payment for disclosing vulnerabilities in normal Google applications.

Source: Ehackingnews, April 19, 2015.