Ever wonder how hackers can hack your smartphone remotely?
In a report shared with The Hacker News today, Check Point researchers disclosed details about a critical vulnerability in Instagram’s Android app that could have allowed remote attackers to take control over a targeted device just by sending victims a specially crafted image.
What’s more worrisome is that the flaw not only lets attackers perform actions on behalf of the user within the Instagram app—including spying on victim’s private messages and even deleting or posting photos from their accounts—but also execute arbitrary code on the device.
According to an advisory published by Facebook, the heap overflow security issue (tracked as CVE-2020-1895, CVSS score: 7.8) impacts all versions of the Instagram app prior to 22.214.171.124.128, which was released on February 10 earlier this year.
“This [flaw] turns the device into a tool for spying on targeted users without their knowledge, as well as enabling malicious manipulation of their Instagram profile,” Check Point Research said in an analysis published today.
“In either case, the attack could lead to a massive invasion of users’ privacy and could affect…