Instagram had a large vulnerability which let hackers take over accounts with the use of one malicious image file. This was found by Check Point, and Facebook had fixed this once it had been reported.
The researchers said that this vulnerability might have let hackers gain control of Instagram accounts. This would give the hackers complete access to messages and photos of the victims, and they will also be able to post from their accounts.
Even more, they will be able to gain access to contacts in their phone, their camera, their location data. This issue was dubbed critical based on the number of permissions Instagram can get access to from a user’s device. This contains microphone, location, data, camera, contacts and many more.
This hack occurred through a remote code execution (RCE) which provides hackers with remote access to the Instagram app of the victim. The phone of the victims could be used as a spying tool by the hacker.
According to research, ‘Mozjpeg’ was where the issue was found, which is an open-source project that is used by Instagram as its JPEG format image decoder. Malicious images can be sent through any file that has been saved on the device of the victim.
The exploitation begins every time the Instagram app gets opened and the resources on it will become accessible. This might cause the app to crash or stop functioning at all, in which case, Instagram would have to be deleted and reinstalled.
Check Point had informed Facebook about this vulnerability which had immediately been fixed.