A security researcher Carlos Reventlov published on Friday another attack on Facebook’s Instagram photo-sharing service that could allow a hacker to seize control of a victim’s account. The vulnerability is in the 3.1.2 version of Instagram’s application, which is susceptible to “eavesdropping and man in the middle attacks that could lead an evil user to delete photos and download private media without the victim’s consent” An attacker on the same LAN of the victim could launch a simple arpspoofing attack to trick the iPhones into passing port 80 traffic through the attackers machine.
Source: https://thehackernews.com/2012/12/iphone-instagram-users-vulnerable-to.html