Muthiya explored for flaws in vault images and it was vulnerable.
So it allows any system with user_photos permission to read your mobile photos.
Muthiya contacted Facebooks security team with the PoC and FB immediately took notice of the bug and patched it.
Muthiya has made a PoC video of the bug which is given below :
Read More
source: www.techworm.net
