d on Friday another attack on
Facebook's Instagram photo-sharing service that could allow a hacker to
seize control of a victim's account.
"The Instagram app communicates with the Instagram API via HTTP and HTTPs connections. Highly sensitive activities, such as login and editing profile data, are sent through a secure channel. However, some other request are sent through plain HTTP without a signature, those request could be exploited by an attacker connected to the same LAN of the victim’s iPhone."
Vulnerability Details -- The vulnerability is in the 3.1.2 version of Instagram's application, which is susceptible to “eavesdropping and man in the middle attacks that could lead an evil user to delete photos and download private media without the victim’s consent Ⓐ
"The Instagram app communicates with the Instagram API via HTTP and HTTPs connections. Highly sensitive activities, such as login and editing profile data, are sent through a secure channel. However, some other request are sent through plain HTTP without a signature, those request could be exploited by an attacker connected to the same LAN of the victim’s iPhone."
Vulnerability Details -- The vulnerability is in the 3.1.2 version of Instagram's application, which is susceptible to “eavesdropping and man in the middle attacks that could lead an evil user to delete photos and download private media without the victim’s consent Ⓐ
No comments:
Post a Comment