Bleeping Computer
Technical details about a high-severity vulnerability in Facebook’s Instagram app for Android and iOS show how an attacker could exploit it to deny user access to the app, take full control of their account, or use their mobile device to spy on them.
To trigger the bug, an attacker had only to send the target a specially crafted image via a common messaging platform or over email.
The issue was in the way Instagram parsed images, so as long as the app could access it to show it as options for a post, the vulnerability would set off allowing dangerous actions.