A critical Instagram flaw could have enabled attackers to perform remote code execution and access a victim’s camera, microphone, and other components, Check Point researchers found.
CVE-2020-1895 has a CVSS score of 7.8 and exists in the Instagram app on both Android and iOS. It was discovered in early February and reported to Facebook, Instagram’s owner, which issued a patch. Now that a fix has been available for six months, researchers who discovered this vulnerability are publicly disclosing the details of how an attack would unfold.
“All of social media has become, in this day and age, the most precious and wanted target,” says Check Point security researcher Gal Elbaz. It was for this reason the research team chose to audit the security of Instagram on…