A new security vulnerability has been discovered in the Instagram application for iPhone that can leave victims’ accounts at the mercy of cyber criminals.
According to security researcher Carlos Reventlov, who exposed the flaw, Instagram version 3.1.2 for iPhone, which came out in late October, is susceptible to “eavesdropping and man in the middle attacks that could lead an evil user to delete photos and download private media without the victim’s consent”.
Reventlov submitted the flaw to Instagram last month but the photo-sharing outfit, now owned by Facebook, has yet to comment or reveal whether it’s working on a fix.
"When the victim starts the Instagram app, a plain-text cookie is sent to the Instagram server," Reventlov wrote on his website dedicated to security issues in popular iOS applications.
"Once the attacker gets the cookie he is able to craft special HTTP requests for getting data and deleting photos."
A separate report published on November 30th also claims the app is “vulnerable to a session riding attack that could lead an attacker on the same network to gain access to the victim’s account”.
To the best of our knowledge, there haven’t been any widespread reports of Instagram accounts being taken over by hackers. It’s nonetheless a concern that we hope will be remedied soon in an upcoming update.
Have you experienced any problems with your Instagram account since you last updated? Tell us in the comments section below.