The threat…
The risk here is what’s known as ‘data exfiltration’ (theft) achieved, in this instance, through exploiting a vulnerability within the Instagram app itself potentially granting control of “a user’s camera, contacts, GPS, photo library, and microphone” to a malicious actor with the user having done nothing more than opening an image, specially crafted by the attacker and delivered via email, WhatsApp or other medium.
The risk / mitigation…
This is obviously a concern from a personal privacy perspective but, in-terms of businesses, it highlights the importance of mitigations for mobile threats, such as Mobile Device Management (MDM) or Mobile Application Management (MAM) to protect company devices or company data when accessed from personal devices, as appropriate.
Read the full story here https://thehackernews.com/2020/09/instagram-android-hack.html
