Facebook patched Instagram’s risks vulnerability to Malicious Images
Facebook has fixed the recently noticed critical vulnerability on Instagram. Instagram’s probability of providing a platform for the attacker by converting the user’s devices as a spying tool was a greater security concern of cyberspace for past days. This critical vulnerability is considered a remote code execution (RCE) that allows an attacker to take over a computer or a server by running arbitrary malicious software.
Via sending a malicious image file, users were exposed to the ability of the attackers who may takeover of the victim’s Instagram account, thus leading their devices to act as a spying agent. The experts concluded that, once the image is saved and opened in the Instagram app, the exploit would give the hacker full access to the victim’s Instagram messages and images, allowing them to post or delete images at will, as well as giving access to the phone’s contacts, camera, and location data, according to cybersecurity researchers at Check Point. The attack is said to be triggered only once a malicious image is sent via email or WhatsApp and then saved on a victim’s device.
As per one of the blog released by a Cybersecurity firm, the very extensive permissions, on Instagram may allow an attacker to instantly turn the targeted phone into a perfect spying tool and allow the attacker to perform any action they are interested in. Ultimately, this could risk the privacy of millions of users on one of the prominent social media platforms with 1 billion active users every month. The vulnerability was said to be found by a research company that disclosed the same to the attention of Facebook and Instagram. The revealed vulnerability was caused by one of the open-source project used by Instagram.
However, Facebook detailed the vulnerability as an “Integer Overflow leading to Heap Buffer Overflow” and issued a patch to remediate the issue on the newer versions of the Instagram application on all platforms. “The patch for this vulnerability has already been available for 6 months before this publication, giving time to the majority of users to update their Instagram applications, thus mitigating the risk of this vulnerability being exploited,” the researchers updated. “We strongly encourage all Instagram users to ensure they are using the latest Instagram app version and to update if any new version is available”.