Posted on Friday, September 25 2020 @ 10:09 CEST by Thomas De Maesschalck
Check Point security researchers
announce they discovered a dangerous bug on Instagram that would have allowed an attacker to take over your phone. The attack worked by crafting a malicious image file and tricking the user into opening it with Instagram. This triggered an "Integer Overflow leading to Heap Buffer Overflow" and could give the attacker full access to your phone:
Earlier this year, Check Point researchers found a critical vulnerability in the Instagram app that would have given an attacker the ability to take over a victim’s Instagram account, and turn their phone into a spying tool, simply by sending them a malicious image file. When the image is saved and opened in the Instagram app, the exploit would give the hacker full access to the victim’s Instagram messages and images, allowing them to post or delete images at will, as well as giving access to the phone’s contacts, camera and location data.
Technical details about the exploit can be read
over here. There is no need to wory though as the bug seems hard to exploit and was reported to Facebook earlier this year. The company rolled out a patch on February 10, 2020 so if your mobile device regularly updates itself you should be safe from this exploit.
