Instagram fixes bug that lets hackers exploit user’s phone

Instagram fixes bug that lets hackers exploit user’s phone.   | Photo Credit: Reuters

Facebook has patched a critical vulnerability in Instagram that would let hackers take over a user’s phone just by sending a picture.

A report by Check Point Research this week revealed that Instagram had a vulnerability in the way that it uses Mozjpeg, the open source project used as their JPEG format decoder.

The firm explained that in the attack scenario, an attacker simply sends an image to the victim via email, WhatsApp or other media exchange platforms. When the Instagram app is opened, the malicious code exploits the vulnerability.

The image may or may not be saved, but just opening Instagram is enough to execute the code. The notable issue is how Instagram handles third-party libraries for image processing.

According to Check Point, the exploitation could lead to crashing a user’s Instagram app, not letting them open the app until it is deleted or re-installed which could lead to possible loss of data.

However, it stopped its further investigation after Facebook patched the vulnerability.

Facebook said in an advisory that the vulnerability has been patched, meaning users with the latest version of Instagram are immune to the attack.

“A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions. This affects versions prior to,” the advisory said.

Check Point warned of some bugs that could be left or introduced in the future as well. It suggested continuous test of media format and operating system libraries and third-party libraries.

This article is closed for comments.
Please Email the Editor

Printable version | Oct 27, 2020 2:33:23 PM |

Next Story