25-09-2020

Technical details about a high-severity vulnerability in Facebook�s Instagram app for Android and iOS show how an attacker could exploit it to deny user access to the app, take full control of their account, or use their mobile device to spy on them.

To trigger the bug, an attacker had only to send the target a specially crafted image via a common messaging platform or over email.The issue was in the way Instagram parsed images, so as long as the app could access it to show it as options for a post, the vulnerability would set off allowing dangerous actions.

Facebook fixed the problem in spring, following responsible disclosure from cybersecurity company Check Point, and issued a vague security advisory for it.