Instagram Remote Account Takeover Required No Action From Victim
2020-09-24 16:43

A vulnerability in Instagram allowed an attacker to take over an Instagram account and turn the victim's phone into a spying tool simply by sending a malicious image via any media exchange platform.

Check Point Research decided to examine Instagram because of its size and popularity.

Exploiting this vulnerability would give the attacker full control over the Instagram app, enabling the attacker to take actions without the user's consent - including reading all direct messages on the Instagram account, deleting or posting photos at will, or manipulating account profile details.

If the malicious image is saved to the victim's phone, merely opening the Instagram app will trigger the exploitation and give the attacker full access for remote takeover.

Facebook patched the vulnerability in February 2020, and Check Point delayed publishing its account of the vulnerability a further six months to give Instagram users enough time to update their apps.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/3x6qz60blg0/instagram-remote-account-takeover-required-no-action-victim