One of the most popular social media applications by Facebook, Instagram, found a dangerous bug which if not resolved, would have given hackers a chance to take over the phone of the victims completely.
The bug was discovered on Instagram earlier this year and only was taken care of after the recent application update. If the bug were not removed immediately, hackers would have taken the opportunity to get access to personal files and more.
The risk to Instagram
Researchers from the cybersecurity firm Check Point said that the vulnerability would have allowed hackers to control the victim’s phone camera, location, and contact list.
With the global active users of Instagram surpassing 100 million, the bug could have resulted in a social media platform’s tragic event.
A plausible situation may lead hackers to send negative images to the user through Whatsapp, email, or any other platform. And once the user saves the image on the phone’s files, it would pave the way for the exploitation to occur. The matter results in hackers gaining access to everything that Instagram has access to, including contacts, storage, location, and camera.
After the reports came in, Facebook issued a patch to resolve the bug with Instagram’s team’s help immediately.
According to a report by Information Security Buzz News, Check Point encourages all the users to update the application to the latest rollout.
Instagram made the wise move of involving its users to resolve the issue, confirming that “remote code execution” is the culprit. “Remote code execution.”
The famous application sees RCE as a significant threat because it could perform complex functions despite the distant location.
An application like Instagram, which is so popular and used by many, is expected not to have such major bugs. Even if it had some bugs, Instagram should have been able to detect them long ago.
Such troublesome bugs cause the developers not to manually encode all the needed codes because the creation requires time.
Hence, they rely on third-party libraries to handle everyday tasks such as image processing, sound processing, network connectivity, and more, as per India TV. Even if the said method saves time, it heavily relies on the third-party library for security.
In this case, the vulnerability was found to be caused by Mozjpeg, an open-source project used by Instagram to decode the JPEG format images loaded on its server.
Meanwhile, users can update their respective Instagram applications for added-security purposes.
Image courtesy of PixieMe/Shutterstock