Hackers could have gotten full access to photos, DMs thanks to this Instagram vulnerability
Hackers can also get access to the phone’s contacts, camera, location, and basically turn the phone into a spying tool.
Instagram had a major vulnerability that could have allowed hackers to take over accounts with just one malicious image file. This Instagram vulnerability was discovered by Check Point earlier this year, and Facebook fixed it after the bug was reported.
Check Point researchers said this vulnerability could allow hackers to take control over a victim's Instagram account. It also gives them full access to the user's messages and photos, and to post from their account. It doesn't stop there. Hackers can also get access to the phone's contacts, camera and location data. The vulnerability was treated critical due to the number of permissions Instagram can get access to from a user's device. This includes microphone, location data, camera, contacts and more.
The hack can take place via a remote code execution (RCE) that gives hackers remote access to the victim's Instagram app. The hacker can use the phone as a spying tool. Check Point through its investigation found that the vulnerability lied in ‘Mozjpeg', an open source project Instagram used as its JPEG format image decoder. Hackers can send the malicious image via any file which has to be saved on the user's device. After this whenever they open the Instagram app, the exploitation starts. The hacker can then access the resources that have been allowed on the Instagram app. This can also cause the Instagram app to crash and not function at all. Users would have to delete the app and reinstall it.
Check Point informed Facebook about this vulnerability for which a patch was issued immediately, and has been available for six months now.