Facebook has patched a critical vulnerability in Instagram that could have given an attacker the ability to take over a victims Instagram account, and turn their phone into a spying tool, simply by sending them a malicious image file. Also Read – FarmVille to be shut down this year; will still be playable until December 31
When the image is saved and opened in the Instagram app, the exploit would give the hacker full access to the victim’s Instagram messages and images, allowing them to post or delete images at will, as well as giving access to the phone’s contacts, camera and location data, according to cyber security researchers at Check Point. Also Read – LinkedIn gets stories, lets users post disappearing videos like Instagram
An attack can be triggered once a malicious image is sent via email or WhatsApp and then saved on a victim’s device. The researchers revealed the critical vulnerability as remote code execution (RCE) that allows an attacker to take over a computer or a server by running arbitrary malicious software (malware). Also Read – Apple to stop charging App Store fees from Facebook till 31 December
“This vulnerability can allow an attacker to perform any action they wish in the Instagram app. Since the Instagram app has very extensive permissions, this may allow an attacker to instantly turn the targeted phone into a perfect spying tool – putting the privacy of millions of users at serious risk,” the cyber security firm revealed in a blog post on Friday.