Instagram bug for spying on users found and fixed

    A coding vulnerability in Instagram, identified by cybersecurity company Check Point, could have allowed attackers to gain illegal access to anyone’s location data, phone contacts, and camera.

    Facebook’s security committee described the vulnerability as “Integer Overflow directing to Heap Buffer Overflow”. It was caused by a coding error in Mozjpeg, an open-source program that Instagram uses as its JPEG image decoder.

    When Mozjpeg attempted to decompress an image of specific dimensions that exceeded the allocated size, it triggered the bug, which crashed the app and gave attackers access to the Instagram app. Anyone could have exploited the bug by delivering a specially crafted image to the target’s phone via WhatsApp, e-mail or any other online method of media exchange. By abusing the extensive permissions granted to apps like Instagram, attackers would have gained access to other elements of the phone such as the microphone, camera, and storage.
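
    The bug class named above, shown as an added example (not Mozjpeg or Instagram code): a decoder sizes its output buffer from the dimensions declared in the image, and the multiplication wraps. The function names, the 4-channel limit and the byte cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_DIM 65535u  /* JPEG frame headers store width and height in 16 bits */

/* Unsafe pattern: the product is computed in 32 bits and wraps modulo 2^32,
 * so the buffer can be far smaller than the pixel data written into it. */
uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t channels)
{
    return width * height * channels;
}

/* Hardened form: validate the dimensions and check each multiplication
 * before doing it. Returns the byte count, or 0 if the input is rejected. */
size_t checked_size(uint32_t width, uint32_t height, uint32_t channels)
{
    if (width == 0 || height == 0 || channels == 0 || channels > 4)
        return 0;
    if (width > MAX_DIM || height > MAX_DIM)
        return 0;
    size_t row = (size_t)width;
    if (row > SIZE_MAX / channels)
        return 0;
    row *= channels;
    if (row > SIZE_MAX / height)
        return 0;
    return row * height;
}

/* Allocate only when the size was validated and fits the caller's budget. */
unsigned char *alloc_image(uint32_t w, uint32_t h, uint32_t c, size_t max_bytes)
{
    size_t n = checked_size(w, h, c);
    if (n == 0 || n > max_bytes)
        return NULL;
    return malloc(n);
}

int main(void)
{
    /* Constructed dimensions: 32768 x 32768 x 4 is exactly 2^32 bytes. */
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(32768, 32768, 4));
    printf("checked alloc: %s\n",
           alloc_image(32768, 32768, 4, (size_t)64 << 20) ? "ok" : "rejected");
    return 0;
}
```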

    Check Point said, “Facebook responded quickly to their findings and released a patch fixing the issue on all platforms. The patch was released in February, which means it must have been downloaded by the majority of Instagram users by now.”

    Researchers at Check Point cautioned that Instagram’s use of Mozjpeg is not an isolated case: the Mozilla-based project is widely used by various apps. Check Point suggested that developers can reduce the attack surface by restricting the receiver to a small number of supported image formats.
