In the last few months, Instagram and Facebook have revealed a lot of information about bugs that were present on the system and could have been a potential risk on users’ data. However, at the time they were announced, they were already resolved and removed from the servers. In similar events, Instagram has revealed yet another major bug that could have allowed hackers to gain full control of the account. It could have led to complete account control and would have allowed the hacker to manipulate direct messages, and posts.
The severity of the bug could be imaged in the sense that it could have also allowed the hacker to access your complete contacts list, along with your phone camera and location data. However, it has yet again been found that the bug was removed by Facebook, which was detected by Check Point’s researchers earlier this year. The bug in question lay in Instagram’s open-source JPEG image decoder, Mozjpeg. Hackers just needed to send an image file to the user’s account in JPEG format.
Once the user downloaded the file and restarted the Instagram app, it would run a remote access tool (RAT) malware come into effect, and attackers could remotely escalate their privilege on the compromised device based on all the device permissions that Instagram has on it. The malware not only affected the file but also sensitive information from the phone such as camera, user location, microphone, storage, and more. As per the researchers, if the bug was found in the app, it would have crashed again and again when the users tried to use it. However, the bug is not available in the latest apps now.