Security expert re: Instagram vulnerability left app open to hijacking

By Security Experts
September 25, 2020

An RCE vulnerability in Instagram opened up an opportunity for hackers to hijack the app and turn smartphones into spies.

EXPERT COMMENTS

Jayant Shukla, CTO and Co-Founder, K2 Cyber Security
September 25, 2020

This latest discovered vulnerability in Instagram has many important lessons for enterprise security. First, the flaw is a Remote Code Execution (RCE) vulnerability, one of the most dangerous vulnerabilities because it gives the cybercriminal the ability to run arbitrary code on the exploited system. As such, it should be high on the list of vulnerabilities that are tested for in applications developed by enterprises. Second, the flaw is based on open-source code, which, since the pandemic began, has been used even more widely than ever by enterprises to get applications to production more quickly. Open-source code is as likely to have vulnerabilities as any other code, so enterprises need to treat open-source code the same as any in-house developed code, with thorough testing to ensure no vulnerabilities exist. Third, and finally, the vulnerability is a good reminder to keep software and operating systems up to date and patched, as this vulnerability was patched after it was reported, but before the CVE was released to the public. Keeping your software up to date keeps systems and devices safe from cybercriminals using easy exploits with known CVEs.
