An Instagram app Bug that Could’ve Given Hackers Remote Access to Your Phone

Global news + Cyber security, 7 Defence, September 28, 2020


According to the report, Check Point researchers disclosed details about a critical vulnerability in Instagram’s Android app that could have allowed remote attackers to take control over a targeted device just by sending victims a specially crafted image.

The most worrisome thing about this flaw is that it not only lets attackers perform actions on behalf of the user within the Instagram app but also lets them spy on the victim’s private messages and even delete or post photos from their accounts.

According to an advisory published by Facebook, the heap overflow security issue (tracked as CVE-2020-1895, CVSS score: 7.8) impacts all versions of the Instagram app prior to 128.0.0.26.128, which was released on February 10 earlier this year.


According to Check Point Research, “This flaw turns the device into a tool for spying on targeted users without their knowledge, as well as enabling malicious manipulation of their Instagram profile.”

“In either case, the attack could lead to a massive invasion of users’ privacy and could affect reputations — or lead to security risks that are even more serious.”

After the findings were reported to Facebook, the social media company addressed the issue with a patch update released six months ago. The public disclosure was delayed all this time to allow the majority of Instagram’s users to update the app, thereby mitigating the risk this vulnerability may introduce.

Although Facebook confirmed there were no signs that this bug was exploited globally, the development is another reminder of why it’s essential to keep apps up to date and be mindful of the permissions granted to them.

Written by: 7 Defence
