    Instagram vulnerability could have led to account hijacks; now fixed

    Written by Shubham Sharma
    Last updated on Sep 25, 2020, 05:32 pm
  • Instagram has fixed a major flaw in its application.

    The issue opened a way for attackers to take over anyone's account on the Facebook-owned photo-sharing service and use it as a spying tool to access and steal the target's location data, personal photos, and messages, among other things.

    Here is all you need to know about it.

  • Issue

    What was the flaw in question?

  • Detected by researchers at Check Point, the vulnerability in question was tied to Instagram's implementation of Mozjpeg, an open-source project used to decode JPEG format images on the service.

    They found that the issue could have been exploited by simply sending a malicious image to the target and tricking them into downloading it on their phone.

  • Details

    Once the photo was downloaded, attack could take place

  • Once the target downloaded the malicious image and opened it on Instagram, the exploitation would begin, with the bad image giving the attackers access to every resource pre-allowed by the service.

    This, the researchers noted, meant that attackers could take over an account completely, gaining access to its photos and messages, as well as on-device data such as contacts, camera, storage, and location.

  • Quote

    This could have turned the app, phone into spying tools

  • Detailing the flaw, the researchers said, "This vulnerability could allow an attacker to perform any action they wish in Instagram. Since the Instagram app has very extensive permissions, this might allow an attacker to instantly turn the targeted phone into a perfect spying tool."

  • Fix

    Findings were disclosed to Facebook, fixed later

  • The researchers disclosed the bug to Facebook, following which the social network issued a patch for the Instagram app.

    The flaw only affected the Android app and the fix has been available for six months, the team said.

    In case your Instagram app has not been updated during this period, it is highly recommended to install the latest release to avoid any security breaches.

  • Response

    Facebook has not commented on the matter

  • Facebook has not commented on the matter, given that the flaw has already been fixed.

    However, in its official advisory, the company said the flaw existed in Instagram versions prior to 128.0.0.26.128.

    "A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions," it added in the notice.
