This application is available for iOS here. This app was designed to share your photos and videos, and keep up with your friends and interests. The latest build was released on Dec 19, 2016.
This release transfers all your media data ‘as is’ without protection and rest data is still vulnerable for intercepting (MITM attacks) with crafted certificate and installed on the device as trusted.
The new Instagram application is available and has the issues fixed. However, the network data items are still vulnerable for intercepting (MITM attacks) with crafted certificate and installed on the device as trusted. Have a look.
Findings Summary
Our examination revealed total 40 items, where were 12 DAR items and 28 DIT items found. Among DAR items were found 0 worst items, 5 bad items, 7 good items, and 0 best items. Among DIT items were found 6 worst items, 22 bad items, 0 good items, and 0 best items.
Below you find 3 infographics summarizing what we described above. Each image provides information about both DAR and DIT items.
Everything presented below is related to well-known CWEs, such as Sensitive data leakage [CWE-200], Unsafe sensitive data storage [CWE-312], Unsafe sensitive data transmission [CWE-319]. You can read more about it here.
Now let’s go deeper and examine each data item’s protection level.
Continue reading “Instagram 10.3 (iOS/ App Store) on Jan 15, 2017”