The site has confirmed that a significant number of Facebook users found the images as part of their news feeds. It says these users were tricked in to pasting and executing "malicious" javascript in to their browsers' URL bars. This caused them to unknowingly share the offensive content with their networks, and creating a larger web of affected users.
Facebook says its engineers have been working around the clocks to plug the vulnerability.
"We've built enforcement mechanisms to quickly shut down the malicious pages and accounts that attempt to exploit it," Facebook spokesman Frederic Wolens has been advising blogs and technology websites. "We have also been putting those affected through educational checkpoints so they know how to protect themselves. We've put in place backend measures to reduce the rate of these attacks and will continue to iterate our defences to find new ways to protect people."
The attacks took place over Monday and Tuesday of this week, with Wolens stating that most of the offensive images had been removed by yesterday afternoon in the US.
.jpg&h=334&w=500&q=100&v=20170226&c=1)
.jpg&h=334&w=500&q=100&v=20170226&c=1)
.jpg&h=334&w=500&q=100&v=20170226&c=1)
.jpg&h=334&w=500&q=100&v=20170226&c=1)
.jpg&h=268&w=401&q=100&v=20170226&c=1)
+(1).jpg&h=268&w=401&q=100&v=20170226&c=1)