Instagram bug for spying on users found and fixed

    Cybersecurity company Check Point identified a coding vulnerability in Instagram that could have allowed attackers to gain illegal access to anyone’s location data, phone contacts, and camera.

    Facebook’s security committee identified this vulnerability as “Integer Overflow directing to Heap Buffer Overflow”. It was caused by a coding error in Mozjpeg, an open-source program that Instagram uses as its JPEG image decoder.

    When Mozjpeg attempted to decompress an image with specific dimensions that exceeded the allocated size, the bug was triggered, crashing the app and giving attackers access to the Instagram app. Anyone could have exploited the bug by delivering a specially crafted image to the target’s phone via WhatsApp, e-mail or any other online method of media exchange. By exploiting the extensive permissions granted to apps like Instagram, attackers would have gained access to other elements of the phone such as the microphone, camera, and storage.
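The bug class named above, an integer overflow that leads to a heap buffer overflow, shown as an added C example that is not Instagram's or Mozjpeg's code: a 32-bit size calculation that wraps for large image dimensions, beside a hardened version that rejects them before allocating. The function names and the `MAX_DIMENSION` limit are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helpers for illustration; not Instagram's or Mozjpeg's code. */

/* Unsafe pattern: the product is computed in 32 bits and silently wraps,
 * so the buffer can be far smaller than what the decoder later writes. */
uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t channels)
{
    return width * height * channels;
}

#define MAX_DIMENSION 16384u /* assumed policy limit for this example */

/* Hardened pattern: bound the dimensions taken from the image header,
 * then multiply in size_t with an explicit overflow check.
 * Returns 0 and stores the byte count in *out, or -1 on rejection. */
int checked_size(uint32_t width, uint32_t height, uint32_t channels,
                 size_t *out)
{
    if (width == 0 || height == 0 || channels == 0 || channels > 4)
        return -1;
    if (width > MAX_DIMENSION || height > MAX_DIMENSION)
        return -1;
    size_t row = (size_t)width * channels;
    if (height > SIZE_MAX / row)
        return -1;
    *out = row * (size_t)height;
    return 0;
}

/* Allocate the pixel buffer only when the size calculation is sound. */
uint8_t *alloc_pixels(uint32_t width, uint32_t height, uint32_t channels)
{
    size_t n;
    if (checked_size(width, height, channels, &n) != 0)
        return NULL;
    return calloc(1, n);
}

int main(void)
{
    /* Constructed dimensions: the true size is over 4 GiB. */
    uint32_t w = 65536u, h = 65537u, c = 1u;
    size_t n = 0;
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_size(w, h, c));
    printf("checked result: %d\n", checked_size(w, h, c, &n));
    return 0;
}
```
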

    Check Point said, “Facebook responded quickly to their findings and released a patch fixing the issue on all platforms. The patch was released in February, which means it must have been downloaded by the majority of Instagram users by now.”

    Researchers at Check Point advised that Instagram’s use of Mozjpeg is not an isolated case: the Mozilla-based project is widely used by various apps. Check Point suggested that developers can reduce the attack surface by restricting the receiver to a small number of supported image formats.
