A critical vulnerability in Instagram’s Android and iOS apps could have allowed remote attackers to run malicious code, snoop on unsuspecting users, and hijack control of smartphone cameras and microphones.
The security hole, which has been patched by Instagram owner Facebook, could be exploited by a malicious hacker simply sending their intended victim a boobytrapped malicious image file via SMS, WhatsApp, email or any other messaging service.
When Instagram is subsequently opened, a heap overflow would occur in the app’s image-processing library allowing – according to a blog post by security researchers at Check Point – attackers to spy on private messages, post and delete photos, as well as access the phone’s contacts, camera and location data.