Facebook’s triage team acknowledged the issue and awarded me a bounty. As a security researcher, he has been inducted into the Hall of Fame of Facebook.

The issue is in how Instagram handles third-party libraries used for image processing. On the Instagram app itself, the RCE vulnerability could also be used to intercept direct messages and read them; delete or post photos without permission; or change account settings.

Facebook has patched a critical vulnerability in Instagram that could lead to remote code execution and the hijack of smartphone cameras, microphones, and more.

An attack can be triggered once a crafted image is sent -- via email, WhatsApp, SMS, or any other communications platform -- and then saved to a victim's device.

"A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions."

P.S — I would like to thank Mr. Ajay Gautam, Head of Security at Nassec, for helping me report the issue to Facebook.

Surprisingly, it gave an error message at the bottom left corner that displayed “there was a problem revoking access.”

Whether or not an image is saved locally or manually, just opening Instagram afterward is enough for malicious code to execute.

Not only did it earn me Hall of Fame on Facebook, but it also gave me a different thinking perspective…

The RCE vulnerability, now patched, took nothing more than an image file to trigger.

My eyes caught an option named “Authorized App.” I understood by its name that it should be listing the third-party app to which I may have given permission to access data.

Charlie Osborne