Earlier it was reported that Instagram users are facing a critical vulnerability that allows attackers to take access over a victims Instagram account and use their smartphone as a spying tool. Finally, Facebook has fixed the bug and now Instagram users can take a breath of relief. This vulnerability was allowing attackers to take over Instagram accounts by simply sending them a malicious image file.
According to Check Point researchers report, the moment a user opens the malicious image on the Instagram app, the vulnerability allows the hacker to take full access to the victim’s messages and images. Hackers can also post or delete images on the victim’s account as per their wish. Besides, they also get access to the user’s phone contact, camera, and location data.
The report also suggests that an attack can be triggered once a malicious image is sent via WhatApp or email and saved on the targeted device. As per the researchers, the vulnerability is known as remote code execution (RCE) this allows hackers to take control over a computer or server running on malware.
“This vulnerability can allow an attacker to perform any action they wish in the Instagram app. Since the Instagram app has very extensive permissions, this may allow an attacker to instantly turn the targeted phone into a perfect spying tool, putting the privacy of millions of users at serious risk,” reads the cybersecurity firm blog post.
Instagram is one of the most popular images and video sharing platform across the globe with more than 100 million photos uploaded every day. According to the official data it has close to 1 billion active users.
“The patch for this vulnerability has already been available for 6 months prior to this publication, giving time to the majority of users to update their Instagram applications, thus mitigating the risk of this vulnerability being exploited,” the researchers added.