Instagram RCE vulnerability

Early September 2020, CVE-2020-1895 was published and is confirmed by Facebook.

A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions. This affects versions prior to 128.0.0.26.128.

It was discovered early 2020 and Facebook fixed it in February 2020. An attacker could turn phones into spying tools and you should check that the instagram application installed on your phone has a version greater than 128.0.0.26.128 to make sure the problem was fixed.

This is an example of why it is important to use a dedicated phone to communicate with whistleblowers, rather than a personal phone that has many applications installed that could be used to exfiltrate informations.