A Security Researcher Nir Goldshlager, has discovered a security flaw in Facebook that allowed him to take a full control over any Facebook account.
OAuth is used by Facebook to communicate between Applications and Facebook users, Usally users must allow/accept the application request to access their account before the communication can start. Facebook application might ask for different permissions.
According to researcher, the vulnerability gives a full permissions (read inbox, outbox, manage pages, manage ads, read private photos, videos,etc..) over the victim account .
But researcher discovered that there are built-in Applications(Facebook Messenger) in Facebook that users never need to accept , And this application have a full control on your account.