URI Spoofing Vulnerability in Instagram for iOS and Android by Facebook
CVE-2020-20094

6.5MEDIUM

Key Information:

Vendor: Facebook
Status: Instagram
Vendor: CVE Published:; 23 March 2022

What is CVE-2020-20094?

A vulnerability exists in Instagram for iOS and Android that fails to properly represent URI messages in its user interface. This flaw allows attackers to exploit URI spoofing by crafting malicious messages that can mislead users into believing the messages originate from legitimate sources. Users on Instagram versions iOS 106.0 and earlier, as well as Android 107.0.0.11 and earlier, are particularly at risk. The inadequate representation of URI messages poses significant security concerns, potentially exposing users to phishing attacks and other malicious activities.

References

https://github.com/zadewg/RIUS

x_refsource_MISC

http://packetstormsecurity.com/files/166448/RTLO-Injectio...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 23, 2022
Vulnerability Reserved
Aug 13, 2020