Instagram 3.1.2 for iPhone has Vulnerability

A security researcher published on Friday another attack on Facebook's Instagram photo-sharing service that could allow a hacker to seize control of a victim's account. The attack was developed by Carlos Reventlov around a vulnerability he found within Instagram in mid-November. He notified Instagram of the problem on Nov. 11, but as of last Tuesday, it had not been fixed.

The vulnerability is in the 3.1.2 version of Instagram's application, released on Oct. 23, for the iPhone. Reventlov found that while some sensitive activities, such as logging in and editing profile data, are encrypted when sent to Instagram, other data was sent in plain-text. He tested the two attacks on an iPhone 4 running iOS 6, where he first found the problem. Reventlov wrote that when the victim starts the Instagram app, a plain-text cookie is sent to the Instagram server. Once the attacker gets the cookie he is able to craft special HTTP requests for getting data and deleting photos.