Researchers: LinkedIn, Instagram Vulnerable to Preview-Link RCE Security Woes
2020-10-27 16:01

UPDATE. Link previews in popular chat apps on iOS and Android are a firehose of security and privacy issues, researchers have found.

When a user sends a link through a chat app, the app renders a short summary and a preview image in-line in the chat, so other users don't have to click the link to see what it points to.

"It must somehow automatically open the link to know what's inside. But is that safe? What if the link contains malware? Or what if the link leads to a very large file that you wouldn't want the app to download and use up your data?"

After the researchers sent a report to the LINE security team, the company updated its FAQ to include a disclosure that they use external servers for preview links, along with information on how to disable them.

Facebook Messenger and its sister app Instagram Direct Messages are the only ones in the testing that put no limit on how much data is downloaded to generate a link preview.
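
The following is an added example, not code from the article or the researchers: one way a preview generator can bound how much of a linked resource it reads, the limit the article says Facebook Messenger and Instagram Direct Messages did not apply. The 64 KiB cap, the function names and the sample body are assumptions constructed for illustration; `chunks` stands for any iterator over a streamed response body.

```python
from html.parser import HTMLParser

MAX_PREVIEW_BYTES = 64 * 1024  # assumed cap; the article gives no figure

class OpenGraphParser(HTMLParser):
    """Collects Open Graph <meta property="og:..."> tags."""
    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("property") or "").startswith("og:"):
            self.fields.setdefault(a["property"], a.get("content") or "")

def read_capped(chunks, limit=MAX_PREVIEW_BYTES):
    """Pull chunks from a streamed body until `limit` bytes are held.
    Returns (data, truncated); reading stops at the first chunk that
    would exceed the cap, so the rest of the body is never fetched."""
    buf = bytearray()
    for chunk in chunks:
        room = limit - len(buf)
        if len(chunk) > room:
            buf += chunk[:room]
            return bytes(buf), True
        buf += chunk
    return bytes(buf), False

def build_preview(chunks, limit=MAX_PREVIEW_BYTES):
    """Build a preview from at most `limit` bytes of the linked resource."""
    data, truncated = read_capped(chunks, limit)
    parser = OpenGraphParser()
    parser.feed(data.decode("utf-8", errors="replace"))
    return {"title": parser.fields.get("og:title"),
            "image": parser.fields.get("og:image"),
            "bytes_read": len(data), "truncated": truncated}

def constructed_body(padding_chunks, pulled):
    """Constructed sample: small HTML head, then 16 KiB padding chunks."""
    yield (b'<html><head><meta property="og:title" content="Demo page">'
           b'<meta property="og:image" content="https://example.invalid/p.png">'
           b'</head><body>')
    for _ in range(padding_chunks):
        pulled.append(1)  # counts padding chunks actually fetched
        yield b"A" * 16384

if __name__ == "__main__":
    pulled = []
    print(build_preview(constructed_body(100_000, pulled)), len(pulled))
```

The sample body would run to about 1.6 GB if read in full; the preview is built after only four padding chunks are pulled.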


News URL

https://threatpost.com/linkedin-instagram-preview-link-rce-security/160600/