Instagram Remote Account Takeover Required No Action From Victim

A vulnerability in Instagram allowed an attacker to take over an Instagram account and turn the victim's phone into a spying tool simply by sending a malicious image via any media exchange platform.


Researchers at Check Point, who discovered the vulnerability, have now published a detailed explanation of the vulnerability, how it was discovered, and how it could be exploited.


The vulnerability has since been patched.


Check Point Research decided to examine Instagram because of its size and popularity. It has more than 1 billion users, with more than 100 million photos uploaded every day. The researchers chose to examine some of the third-party open source projects used within the Instagram app, and focused on Mozjpeg. This is an open source JPEG encoder developed by Mozilla to maximize compression over performance for web images.


The researchers used a fuzzer on images sent to the Mozjpeg decompression function, and decided to concentrate on one specific crash caused by an out-of-bounds write. They found that they could use an integer overflow leading to a heap buffer overflow. Successful exploitation of such bugs requires precise positioning of heap objects to enable useful adjacencies for memory corruption.


They were able to use a function that performs a raw malloc with a size under their control. This allowed them to place the overflowed buffer at a position of their choice on the heap. Putting everything together, reported the researchers, they could "(1) construct an image with malformed dimensions that (2) triggers the bug, which then (3) leads to a copy of our controlled payload that (4) diverts the execution to an address that we control."
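The bug class described above, an integer overflow in a size calculation that leads to an undersized heap buffer, is shown here as an added example; it is not code from Instagram, Mozjpeg, or Check Point's write-up. The function names, the limits, and the sample dimensions are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed policy limits for this example (not taken from the article). */
#define MAX_DIM         65535u   /* JPEG stores dimensions in 16-bit fields */
#define MAX_CHANNELS    4u
#define MAX_IMAGE_BYTES (256u * 1024u * 1024u)

/* Bug-class pattern: 32-bit multiplication wraps modulo 2^32, so large
 * header dimensions can yield a tiny allocation size. */
uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t channels)
{
    return width * height * channels;
}

/* Hardened form: validate each field, widen before multiplying, then
 * enforce an upper bound. Writes the size to *out only on success. */
bool checked_size(uint32_t width, uint32_t height, uint32_t channels, size_t *out)
{
    if (width == 0 || height == 0 || channels == 0)
        return false;
    if (width > MAX_DIM || height > MAX_DIM || channels > MAX_CHANNELS)
        return false;
    /* With the bounds above the product is below 2^34, so 64 bits suffice. */
    uint64_t total = (uint64_t)width * height * channels;
    if (total > MAX_IMAGE_BYTES)
        return false;
    *out = (size_t)total;
    return true;
}

int main(void)
{
    size_t n = 0;
    /* Constructed header values: 0x8001 x 0x8000 pixels, 4 channels. */
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(0x8001, 0x8000, 4));
    printf("checked accepts: %d\n", checked_size(0x8001, 0x8000, 4, &n));
    return 0;
}
```

A decoder that allocates with the unchecked result and then writes rows based on the real dimensions writes past the end of the buffer; the checked form rejects the image before any allocation happens.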


Exploiting this vulnerability would give the attacker full control over the Instagram ..
