Categories: Science

Facebook fixes Instagram bug that turns phones into spying tools

<p id="content">Facebook has patched a critical vulnerability on Instagram that could have given an attacker the ability to take over a victim's Instagram account, and turn their phone into a spying tool, simply by sending them a malicious image file.

When the image is saved and opened in the Instagram app, the exploit would give the hacker full access to the victim's Instagram messages and images, allowing them to post or delete images at will, as well as giving access to the phone's contacts, camera and location data, according to cybersecurity researchers at Check Point.

An attack can be triggered once a malicious image is sent via email or WhatsApp and then saved on a victim's device.

The researchers revealed the critical vulnerability as remote code execution (RCE) that allows an attacker to take over a computer or a server by running arbitrary malicious software (malware).

"This vulnerability can allow an attacker to perform any action they wish in the Instagram app. Since the Instagram app has very extensive permissions, this may allow an attacker to turn the targeted phone into a perfect spying tool instantly – putting the privacy of millions of users at serious risk," the cyber security firm revealed in a blog post on Friday.

Instagram is one of the most popular social media platforms globally, with over 100 million photos uploaded every day, and nearly 1 billion monthly active users.

"The vulnerability we found was in the way that Instagram used Mozjpeg– an open-source project used by Instagram as its JPEG format image decoder for images uploaded to the service," the researchers explained.

The company disclosed the findings to Facebook and the Instagram team.

Facebook described the vulnerability as an "Integer Overflow leading to Heap Buffer Overflow" and issued a patch to remediate the issue on the newer versions of the Instagram application on all platforms.

"The patch for this vulnerability has already been available for 6 months prior to this publication, giving time to the majority of users to update their Instagram applications, thus mitigating the risk of this vulnerability being exploited," the researchers informed.

"We strongly encourage all Instagram users to ensure they are using the latest Instagram app version and to update if any new version is available".</p>.

IANS

Recent Posts

Balochistan: Medical students protest campus closure, security crackdown

Students at the Bolan Medical College (BMC) in Balochistan's Quetta entered the 27th day of…

7 minutes ago

Climate change, health risks escalate amid surge in PoGB deforestation

The intensifying cutting of trees for firewood in Pakistan-occupied Gilgit-Baltistan (PoGB) is not only worsening…

1 hour ago

India’s retired judges, bureaucrats call for “immediate end” to attacks on minorities in open letter to Bangladesh

A group of retired judges, bureaucrats, Army officials and other civil society members have penned…

2 hours ago

Israel, Slovakia sign historic USD 582 million deal to boost Air Defense capabilities

Israel and Slovakia signed a 2 billion shekel (USD 582 million) agreement on Monday to…

2 hours ago

Pakistan: Protests continue in Kurram over road closures amid crisis

Protests against the prolonged road closures in Kurram persisted on Sunday, as residents held a…

3 hours ago

Sikyong Penpa Tsering successfully concludes key engagements in US, strengthening Tibetan cause

Sikyong Penpa Tsering, the political leader of the Central Tibetan Administration (CTA), has successfully concluded…

3 hours ago